US20190356672A1 - Controlling access to secured data via timed filtering of data - Google Patents
- Publication number
- US20190356672A1, US16/414,504
- Authority
- US
- United States
- Prior art keywords
- data
- secured
- access
- adjusted
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
Definitions
- This disclosure relates generally to the field of data security, and more specifically relates to controlling access to secured data.
- Information requestor systems may request data related to a user, and generate a classification recommendation of the user based on analysis of the requested information.
- The classification may indicate, for example, a recommendation in response to an expert query.
- The data that is requested may include secured data, including secured data that is available to the requestor system for a limited amount of time.
- The requested data may include secured data from multiple sources with different access policies or permissions.
- A conventional requestor system may retain data that is provided to it, creating a security vulnerability that could be attacked or exploited by malicious actors. Furthermore, retention of the data by the conventional requestor system could be inconsistent with the access policy of the source. If the conventional system accesses multiple sources of data with various access policies, some of the access policies may prevent the conventional system from using the data. To be compliant with the access policies of the multiple data sources, the conventional requestor system may generate a less accurate classification, based on only some of the requested data.
- An access control system receives, from a requestor system, a request for information.
- The request represents secured data that is stored by a secured source.
- The access control system provides the request to the secured source via a first access interface, and receives, from the secured source, the secured data and an identified time period.
- The access control system selects a portion of the secured data based on one or more lenses including filter criteria or a modification instruction.
- The access control system generates adjusted data that comprises the requested information and a modification of the selected portion of data. The modification is based on the one or more lenses and the selected portion of data.
- The access control system provides the adjusted data via a second access interface, such as to the requestor system.
- Upon completion of the identified time period, the access control system prevents the requestor system from accessing the adjusted data by disabling the second access interface. In addition, the access control system deletes the adjusted data from a local memory device, and disables the first access interface.
- FIG. 1 is a block diagram depicting an example of a computer system for controlling access to secured data, according to certain implementations.
- FIG. 2 is a flow chart diagram depicting an example of a process for controlling access to secured data, according to certain implementations.
- FIG. 3 is a diagram depicting an example of a system that may apply lenses to modify secured data, according to certain implementations.
- FIG. 4 is a diagram depicting an example of a computer system by which a user may interact with personal data, according to certain implementations.
- FIG. 5 is a block diagram depicting an example of a computing system for implementing an access control system, according to certain implementations.
- An access module may control access to secured data received from multiple sources.
- The access module may enable (or disable) access interfaces to additional computing systems, such as a data repository that stores secured data, or a requestor system that requests information from the secured data.
- The access module may also use lenses to modify the secured data. Modifications may be based on an access policy associated with the data repository. For example, the access module may generate adjusted data that includes the requested information, but modifies or omits other portions of the secured data, based on one or more of the lenses.
- The access module may allow the requestor system to access the adjusted data, but not the secured data. In some cases, the adjusted data may be available to a requestor system for a limited amount of time.
- The adjusted data may be deleted (or otherwise withheld) from the requestor system after the period of time is completed.
- An access module that is located remotely from a requestor system may improve security by reducing opportunities for inappropriate modification (e.g., hacking) by the requestor system.
- The remote location of the access module may improve security for the secured data, by leveraging the access module's ability to generate adjusted data without permitting the requestor system access to a source of secured data that is being adjusted.
- Prior techniques for providing data to a requestor system do not adequately protect sensitive information represented by secured data.
- The data that is analyzed may include large quantities of sensitive types of information, such as employment history, educational information, financial information, or medical history.
- Conventional requestor systems may request the sensitive information to generate an accurate classification.
- The classification recommendation may be considered inappropriate by a person associated with the sensitive information. If the requestor system has access to secured data representing all of the person's sensitive information, the person may consider the generated recommendation an invasion of privacy. As a result, secured data may not be used to its fullest extent in a conventional system.
- An access control computing system may mediate information requests and responses between additional computing systems, such as the requestor system and the data repository.
- The security of any sensitive data is improved by using a network architecture that includes three computing systems (e.g., the requestor system, the access control system, and the data repository).
- The access control system may determine attributes based on the secured data. For example, an attribute may be generated by the access control system based on a lens that is applied to the secured data. The attribute may indicate an equivalency between the requested data and the secured data, such as an equivalency between geographical regions, financial metrics, employment or education information, or other types of variables. In some cases, the access control system may generate a score associated with the attributes, such as a score based on multiple weighted attributes and a relative trust of each attribute.
- A requestor system requests secured information, such as to generate a classification recommendation for a user based on analysis of the secured information.
- The request may be received by an access module, which may determine one or more types of secured information associated with the request.
- The access module may provide an access request to a third-party system, such as a data repository, that securely stores one (or more) of the types of secured information.
- The third-party system may enable the access module to access the stored secured information during a period of time.
- The access module may implement a timer for the period of time. Upon completion of the period of time, the access module may have limited or no access to the secured information stored by the third-party system.
- Security is improved by reducing a number of computing systems that have access to the data.
- The access module may allow the requestor system to access adjusted data that is based on the secured data. For example, the access module may select portions of the secured data according to a lens indicating one or more filter criteria, and allow the requestor system to access the filtered data. In addition, the access module may generate adjusted data based on the secured data and the lens, such as adjusted data that omits sensitive or private information, and allow the requestor system to access the adjusted data. The access module may also generate one or more attributes based on either the secured data or the adjusted data, and provide the attributes or a related score to the requestor system. In some cases, the access module may allow the requestor system to access the adjusted data (e.g., filtered data, modified data) or scored attributes during the period of time. In addition, the access module may prevent the requestor system from accessing the secured data stored with the third-party system.
- FIG. 1 depicts an example of a computing environment 100 in which access to secured data may be controlled.
- An access module 110 may control access to data that is stored in one or more of data repositories 130a, 130b, or 130c.
- The data repositories 130a, 130b, or 130c may store secured data, such as data representing sensitive, private, or otherwise protected types of information.
- The access module 110 may control the access of a requestor system 160 to the stored data, including the secured data. Security of the sensitive information may be improved, for example, by limiting access of the requestor system 160 to the secured data, such as by controlling access via the access module 110.
- The access module 110 may include one or more access interfaces.
- Each access interface may be associated with a particular computing system with which the access module communicates.
- The access interface 150 may be associated with the requestor system 160, such that communications between the access module 110 and the requestor system 160 are enabled via the access interface 150.
- The access interfaces 140a, 140b, and 140c may be respectively associated with the data repositories 130a, 130b, or 130c, such that respective communications between the access module 110 and the data repositories 130a, 130b, or 130c are enabled via the access interfaces 140a, 140b, and 140c.
- Each particular access interface may include security features to ensure that computing systems other than the computing system associated with the particular access interface cannot establish communications via the particular access interface.
- Techniques to provide an access interface include an application programming interface (“API”), queries or structured calls to databases, or any other suitable technique.
- The access module 110 may include one or more lenses, such as lenses 120.
- Each lens may include information, such as filter criteria or modification instructions, describing a modification that may be applied to data.
- The lenses 120 include computer-executed code or other instructions, and perform operations to modify the data based on the code or instructions.
- The lenses 120 indicate code or instructions that are stored elsewhere (e.g., in a memory device, in a storage device), such that the access module 110 performs the operations to modify the data based on the indications from the lenses 120.
- The access module 110 or the lenses 120 may generate adjusted data.
- The adjusted data is generated based on secured data provided by one or more of the data repositories 130a, 130b, or 130c.
- The access module 110 receives a request for information, such as the information request 161 from the requestor system 160.
- The requestor system 160 may request the information, for example, for the purpose of generating a classification recommendation as a response to an expert query, such as an expert query about (without limitation) a medical or employment decision.
- The requestor system 160 may request information that is related to a user of the requestor system 160, such as a customer that has requested the classification recommendation.
- The information requested by the requestor system 160 may be secured data, such as data that describes personally identifiable information (“PII”), medical information, employment information, or any other type of sensitive data.
- The access module 110 may determine a source for the requested information, such as one or more of the data repositories 130a, 130b, or 130c. For example, the access module 110 may determine that the requested information is stored by the data repository 130a. The access module 110 may generate an access request 111 that indicates one or more of the requested information, an identification of the access module 110, an identification of the requestor system 160, or any other suitable access information.
- The access module 110 may provide the access request 111 to the data repository 130a.
- The access module 110 may provide the access interface 140a to the data repository 130a.
- Providing the access interface 140a may include one or more of enabling the interface 140a; exchanging security information with the data repository 130a; disabling any of the other access interfaces 150, 140b, or 140c; or any other suitable operation.
- The data repository 130a may determine secured data that includes, or otherwise represents, the requested information.
- The data repository 130a may establish a connection with the access module 110 via the access interface 140a.
- The connection between the data repository 130a and the access module 110 may be enabled by one or more networks or additional computing systems.
- One or both of the data repository 130a or the access module 110 may terminate the connection, for example, if correct security information is not exchanged or if the requested information is not available in the data repository 130a.
- The access module 110 may temporarily or permanently disable the access interface 140a.
- The access module 110 may receive from the data repository 130a the secured data that includes the requested information.
- Receiving the secured data may include one or more of creating a copy of the secured data in a local memory or storage device of the access module 110, or accessing, via the access interface 140a, the secured data stored in a memory or storage device of the data repository 130a.
- The access module 110 may receive from the data repository 130a data identifying a time period.
- The time period may indicate a time span during which the access module 110 may access the secured data.
- The time period may indicate a duration of access time (e.g., a duration of five minutes).
- The time period may indicate one or more timestamps indicating a starting or ending point of the access time (e.g., until 09:00:00, between 15:00:00 and 15:03:00).
- The time period may indicate a quantity of events by which the access module 110 may access the secured data.
- The time period may indicate a particular number of access events (e.g., access to the secured data is allowed on up to three occasions).
- The time period indicates a combination of a duration and a quantity of events (e.g., access is allowed on up to six occasions, and no more than once per month).
- The access module 110 may activate a timer 115.
- The timer 115 may determine or otherwise track an amount of time remaining in the time period.
- The access module 110 may perform one or more operations related to controlling access of the requestor system 160 to the secured data.
- The access module may perform one or more operations related to terminating access of the requestor system 160 to the secured data.
- The access module 110 may access the secured data based on the time period. For example, the access module 110 may modify the secured data based on one or more of the lenses 120. The access module 110 may select a portion of the data based on filter criteria or modification instructions included in the lens. In addition, the access module may generate adjusted data that is based on the secured data and the modification(s) indicated by the lens. The adjusted data may include, or otherwise represent, the information requested by the requestor system 160. In some cases, the adjusted data may include one or more attributes generated by the access module 110, or a score related to the attributes.
- The adjusted data includes data having a granularity, such as a high-granularity representation that includes a relatively large quantity of data, such as several thousand records from a database, or a low-granularity representation that includes a relatively small quantity of data, such as a dozen records from a database.
- The low-granularity representation includes a single number or text item that summarizes the secured data.
- The access module 110 selects a particular lens based on an indication from one or more of the requestor system 160, the data repository 130a, or another one of the lenses 120.
- The requestor system 160 may indicate a lens related to time decay (e.g., including data from the past two years, omitting data older than five years, weighting recent data more heavily than older data).
- The data repository 130a may indicate another lens related to user preferences (e.g., omitting a user's name from the data).
- A particular one of the lenses may indicate another lens (e.g., the lens related to user preferences may indicate a lens related to anonymizing data, such as to anonymize the user's name).
- The access module 110 selects a lens that modifies a granularity of the adjusted data, such as modifying high-granularity data into low-granularity adjusted data (or low-granularity data into high-granularity adjusted data). Additionally or alternatively, the selected lens modifies a granularity of a portion of the adjusted data, or modifies multiple granularities of respective portions of the adjusted data.
- The adjusted data may be multi-granularity data that includes a first data portion having high granularity and a second data portion having low granularity.
- The requestor system 160 may access the adjusted data via the access interface 150 during the time period.
- The requestor system 160 may perform analysis of the adjusted data, such as to generate a recommendation in response to an expert query.
- Security and privacy may be increased for any sensitive information represented by the secured data, such as by allowing the requestor system to access the adjusted data instead of the secured data.
- The data may be used to its fullest extent.
- The access module 110 may terminate, or otherwise reduce, access of the requestor system 160 to the adjusted data. For example, the access module 110 may modify a granularity of the adjusted data, such as modifying a high-granularity representation of the adjusted data into a low-granularity representation. Furthermore, the access module 110 may prevent the requestor system 160 from accessing the adjusted data by disabling the access interface 150. In addition, the access module 110 may remove the adjusted data, such as by deleting the adjusted data from the local memory or storage device of the access module 110. In addition, the access module 110 may remove any locally stored copies of the secured data, if such local copies had been created. In some cases, the access module 110 may disable the access interface 140a.
- The computing environment 100 may provide an architecture in which the access module is remotely located from the requestor system 160, or from the data repositories 130a, 130b, and 130c, or from both.
- The architecture of the computing environment 100 may more easily limit access of the requestor system 160 to the adjusted data, such as by disabling the access interface 150.
- The access module 110 may access data from multiple sources in response to a particular request for information.
- The requestor system 160 may request information describing online transactions of multiple users.
- The access module may provide the access interfaces 140a, 140b, and 140c to the respective data repositories 130a, 130b, and 130c.
- Each of the data repositories 130a, 130b, and 130c may provide access to its respective secured data, and may also provide a respective time period during which the access module 110 may access the respective secured data.
- One or more of the respective time periods may indicate a different amount of time (or different timestamps).
- The access module 110 may select one or more portions of the secured data, generate adjusted data based on the selected portion and one or more of the lenses 120, and enable access to the adjusted data via the access interface 150.
- The access module 110 may select a portion of the secured data based on a user preference lens, remove some of the selected portion based on a time decay lens, and anonymize the remainder of the portion based on an anonymization lens.
- The access module may generate adjusted data based on the selected, time-adjusted, and anonymized data portion.
- The requestor system 160 may access the adjusted data based on the respective time periods (e.g., a duration of time, a quantity of access events).
- The access module 110 may revise the adjusted data to omit data related to the expired time period (e.g., based on secured data from the data repository 130c), and provide access to the revised adjusted data.
- One or more of the data repositories 130a, 130b, or 130c may be hosted by third-party organizations (e.g., organizations that do not also operate either the access module 110 or the requestor system 160).
- The data may be classified, such as in an ontology of data.
- The classification is based on one or more of the lenses 120.
- A lens may classify data into categories, such as based on a source of data (e.g., credit card purchasing data, bank savings history, borrowing data, educational history, employment history).
- A lens may aggregate data based on an abstraction of the data, such as a type (e.g., PII, financial, demographic, professional), a range of time, or any other suitable abstraction.
- Classification of data may be based on domain knowledge, such as classification into types based on previous expertise.
- Classification of data may be based on machine learning algorithms or other automated techniques of classification.
- An intended use of data may be used as the basis of a data classification.
- Data in the data repositories 130a, 130b, and 130c may be received or stored via one or more techniques.
- The data may be received by one or more computing systems operated by an entity (e.g., a company, a non-profit organization, a governmental agency) during normal operations of the entity.
- Data may be gathered, for example, during operations such as applying for a mortgage, maintaining a bank account, investing money, or other operations related to lending or borrowing financial resources.
- Such data related to lending and/or borrowing may be accessible by the access module based on a sharing requirement, such as a governmental regulation or contractual agreement.
- a user (e.g., a consumer participating in the mortgage application, investment, etc.)
- Access to lending/borrowing data may be determined based in part on a lens indicating a sharing requirement. Additionally or alternatively, access to lending/borrowing data may be determined based in part on a lens indicating a data granularity that is allowed (or disallowed) by the sharing requirement.
- Data may be received by one or more computing systems operated by an entity that has a business relationship with a user (e.g., a customer of a company, a student of a university). Data may be gathered, for example, based on transactions, communications, received products (e.g., purchased items, grades or degrees received), or other interactions between the entity and the user during the business relationship.
- Data related to business transactions may be accessible by the access module based on a permission granted by the user.
- The user may be able to allow or prevent sharing of the transaction data (e.g., by granting or withdrawing a permission).
- The user could decide to allow sharing of the transaction data to improve accuracy of a recommendation generated by the requestor system 160.
- Access to transaction data may be determined based in part on a lens indicating a permission granted (or withheld) by the user. Additionally or alternatively, access to transaction data may be determined based in part on a lens indicating a data granularity that is allowed (or disallowed) by the user.
- The data in the data repositories 130a, 130b, and 130c may be provided to one or more of the computer systems by the user, such as via a user interface implemented in an application, web browser, or voice-activated personal assistant.
- The user may provide data to a computer system associated with the access module 110, to create a profile.
- One or more lenses may be generated, for example, based on a profile determined by the user.
- The user may provide data related to personal interests, such as preferred business relationships, hobbies, medical conditions, news topics, or any other area of personal interest. In some cases, data related to personal interests may be accessible by the access module based on a permission granted by the user.
- The user could decide to allow sharing of the personal interest data to improve accuracy of a recommendation generated by the requestor system 160.
- The user could allow sharing of personal interest data related to an exercise goal and dietary restrictions, to improve accuracy of a recommendation related to offers received by the user.
- Access to personal interest data may be determined based in part on a lens indicating a permission granted (or withheld) by the user. Additionally or alternatively, access to personal interest data may be determined based in part on a lens indicating a data granularity that is allowed (or disallowed) by the user.
- A profile created based on user data and permissions may be associated with the user, such as by a universal identification (“ID”).
- The profile may be initiated or updated based on lending/borrowing data, transaction data, personal interest data, or any combination of these.
- The universal ID of the profile may be based on one or more identifying items, such as a password, biometric data, knowledge-based queries, a token, or any other identifying item or combination of identifying items.
- The universal ID may be created by a software module based on an encrypted combination of multiple biometrics (e.g., iris scan, voiceprint, face recognition, fingerprint, infrared vein image).
- The data in the data repositories 130a, 130b, and 130c may be received using one or more transmission techniques, such as batch transfers, periodic transfers, a push/pull transfer (e.g., in response to a notification), or by any other suitable transmission technique.
- The data may be stored in any suitable format, including on one or more databases, in a shared database, in a virtual or distributed computing system (e.g., cloud systems), in a distributed ledger (e.g., blockchain ledgers), or in any other suitable format.
- FIG. 2 is a flow chart depicting an example of a process 200 for controlling access to secured data that represents sensitive information.
- a computing device executing an access module implements operations described in FIG. 2 , by executing suitable program code.
- the process 200 is described with reference to the examples depicted in FIG. 1 . Other implementations, however, are possible.
- the process 200 involves receiving a request for information that is stored in a secured source.
- the requested information may be included, for example, in secured data that is stored on the secured source.
- the access module 110 may receive an information request 161 that indicates information stored on one or more of the data repositories 130 a , 130 b , or 130 c .
- the access module 110 may determine that the requested information is included in secured data stored on the secured source.
- the process 200 involves providing, to the secured source, one or both of a first access interface and an access request.
- the access request indicates the requested information.
- the access module 110 may provide to the data repository 130 a the access interface 140 a , such as by enabling the access interface 140 a .
- the access module 110 may provide to the data repository 130 a the access request 111 .
- the access request 111 may include (or otherwise describe) the information request 161 , security information associated with the access module 110 or the access interface 140 a , or any other suitable information.
- the process 200 involves receiving one or both of secured data and an indication of a time period.
- the secured data may be received from (or otherwise accessible via) the secured source.
- the indicated time period may be received from the secured source, or determined based on other information received from the secured source (e.g., an authentication certificate with a timestamp).
- the access module 110 may receive (or access) the secured data stored on data repository 130 a via the access interface 140 a .
- the access module 110 may receive an indication of a time period from (or based on information from) the data repository 130 a.
- the process 200 involves determining whether the time period is completed. For example, the timer 115 may measure a period of time indicated by the data repository 130 a . Additionally or alternatively, the timer 115 may measure a quantity of access events indicated by the data repository 130 a . If operations related to block 235 determine that the time period is ongoing (e.g., a time duration is not complete, a quantity of access events is greater than zero), process 200 may proceed to another block, such as block 240 . If operations related to block 235 determine that the time period is complete, process 200 may proceed to another block, such as block 270 .
- the process 200 involves selecting a portion of the secured data.
- the portion of the secured data may be based on a lens.
- multiple lenses may be used (e.g., simultaneously or individually) to select the portion of the secured data.
- a lens may be selected based on information received with the request for information, or from the secure source, or based on information included in another lens.
- the access module may select some or all of the secured data from the data repository 130 a , based on one or more of the lenses 120 .
- the access module 110 may determine which of the lenses 120 to use based on one or more indications received from the requestor system 160 , the data repository 130 a , or another one of the lenses 120 .
- the process 200 involves generating adjusted data.
- the adjusted data may be based on one or both of the lens and the selected portion of the secured data.
- the adjusted data may comprise one or more of the requested information, a modification of the selected portion of the secured data, a high-granularity or low-granularity representation of the selected portion of the secured data, attributes based on the selected portion of the secured data, or a score related to the adjusted data (e.g., a score of the attributes).
- the access module 110 may generate adjusted data that includes a modification of the secured data from the data repository 130 a , such that the modification is based on one or more of the lenses 120 .
- the adjusted data may include the requested information indicated by the information request 161 .
- the process 200 involves providing a second access interface to an additional computing system, such as a requestor system.
- the second access interface is provided to a requestor system that provided the request for information.
- Adjusted data, such as the adjusted data generated based on the lens and the secured data, may be accessible via the second access interface.
- the access module 110 may provide the access interface 150 to the requestor system 160 , to access adjusted data generated by the access module 110 .
- the process 200 may proceed to another block, such as one or more of blocks 235 , 240 , or 210 .
- the process 200 may proceed to one or more of blocks 270 , 280 , or 290 .
- the access module may perform one or more operations related to one or more of blocks 270 , 280 , or 290 .
- the process 200 involves disabling the second access interface.
- Disabling the second access interface may include terminating a network connection, revoking a security certificate, or any other suitable technique.
- the access module 110 may disable the access interface 150 such that the requestor system 160 cannot access the adjusted data via the access interface 150 .
- the process 200 involves disabling the first access interface, such as by using any suitable technique.
- the access module 110 may disable the access interface 140 a such that the secured data stored with data repository 130 a is not accessible by the access module 110 .
- the process 200 involves deleting the generated adjusted data.
- additional data related to the adjusted data is also deleted, such as the request for information, timer information, or any locally stored secured data.
- the access module 110 may delete the adjusted data and any local copies of the secured data that are stored on a memory device for the access module 110 .
- the access module 110 may also delete the information request 161 , or delete (or otherwise modify) the timer 115 .
- operations related to one or more of blocks 235 , 240 , 250 , 260 , 270 , 280 , and 290 are repeated for additional secured sources that store secured data related to the request for information.
- the access module 110 may determine that each of the data repositories 130 a , 130 b , and 130 c includes secured data related to the information request 161 .
- the access module 110 may generate adjusted data based on secured data from each of the data repositories 130 a , 130 b , and 130 c .
- the access module 110 may also maintain additional timer information for each of the data repositories 130 a , 130 b , and 130 c , and provide (or disable) one or more of the access interfaces 140 a , 140 b , 140 c , and 150 based on some or all of the additional timer information.
- secured data may be modified based on one or more lenses.
- a lens may include filter criteria, modification instructions, or any combination of these.
- an access module may generate adjusted data from the secured data. For example, and not by way of limitation, the access module may select a portion of the secured data based on a filter criterion, and convert values in the selected data based on a modification instruction.
- the access module may modify the secured data based on a combination of lenses, including simultaneous combinations, such as multiple lenses that are applied as part of a particular modification, or sequential combinations, such as multiple lenses that are applied in a series of ordered or unordered modifications.
- the access module 110 provides the access interfaces 140 a and 150 , respectively, to the data repository 130 a and the requestor system 160 .
- the access module 110 may enable or disable the access interfaces 140 a and 150 , for example, based on information received from either the requestor system 160 or the data repository 130 a.
- the access module receives the information request 161 from the requestor system 160 . Based on the information request 161 , the access module 110 may determine that the requestor system 160 has requested information that is stored on a secure data source. For example, the information request may indicate some or all of secured data 330 , which is stored on the data repository 130 a . In additional or alternative implementations, the access module 110 may determine that the requested information may be determined based on the secured data 330 , such as based on an analysis or modification of some or all of the secured data 330 .
- the access module 110 may provide the access request 111 to the data repository 130 a .
- the access request 111 may be provided via the access interface 140 a .
- the access request 111 may indicate the information requested by the requestor system 160 .
- the access request 111 may indicate additional information, such as an identification of the access interface 140 a or security information associated with one or more of the access module 110 or the requestor system 160 .
- the data repository 130 a may provide access to the secured data 330 based on the access request 111 .
- the access module 110 may receive (or otherwise access) some or all of the secured data 330 via the access interface 140 a .
- the access module 110 receives an indication of a time period from the data repository 130 a .
- the timer 115 may be instantiated based on the time period indicated by the data repository 130 a , or on a time period indicated in a lens (e.g., one of the lenses 120 ), or a combination of indicated time periods.
- the secured data 330 is depicted as remaining on the data repository 130 a and the timer 115 is depicted as remaining on the access module 110 , but other implementations are possible.
- a copy of some or all of the secured data 330 may be stored on a local memory device of the access module 110 .
- the data repository 130 a may instantiate an additional timer in an additional memory device local to the data repository 130 a.
- the access module 110 may generate adjusted data 310 based on the secured data 330 .
- the adjusted data 310 may be stored on the local memory device of the access module 110 .
- the access module 110 may provide access to the adjusted data 310 via the access interface 150 .
- the requestor system 160 may access the adjusted data 310 and perform an analysis based on the requested information that is included in the adjusted data 310 .
- the requestor system 160 may generate a classification recommendation 360 based on the adjusted data 310 (or on the analysis thereof).
- the access module may terminate access to the adjusted data 310 , such as by disabling one or more of the access interfaces 150 or 140 a .
- the access module 110 may delete (or otherwise modify) the adjusted data 310 from the local memory device of the access module 110 . If a local copy of the secured data 330 is stored on the local memory device of the access module 110 , the access module 110 may also delete the local copy upon completion of the indicated time period.
- the access module generates the adjusted data based on one or more lenses.
- a lens selector module 320 included in the access module 110 may determine that the adjusted data 310 is to be generated based on a modification of the secured data 330 .
- the lens selector module 320 may select a lens 322 , a lens 324 , and a lens 326 by which the adjusted data 310 is to be generated.
- the selected lenses 322 , 324 , and 326 may be selected based on, for example, information received from one or more of the requestor system 160 , the data repository 130 a , or another one of the selected lenses 322 , 324 , and 326 .
- the access module 110 may generate the adjusted data 310 based on a combination of the selected lenses 322 , 324 , and 326 .
- the access module 110 may apply any of the selected lenses 322 , 324 , and 326 simultaneously, or in a sequence.
- the access module may modify the secured data 330 based on the selected lens 322 to generate a first set of adjusted data.
- the access module may modify the first set of adjusted data based on the selected lenses 324 and 326 to generate a second set of adjusted data. Additional modifications may be made based on additional lenses (or combinations of lenses).
- the access module 110 may provide access to the adjusted data 330 after all lenses that are selected by the lens selection module 320 are applied.
- a lens may include one or more filter criteria, wherein portions of the secured data are withheld or included based on the filter criteria.
- filter criteria include (without limitation) matching a data characteristic, selecting data from a range, comparing data to a threshold, or any other suitable filter criterion.
- data that is to be withheld is modified, such as to anonymize (or otherwise render incomprehensible) the data to be withheld.
- lenses may be inclusive, such as a lens indicating that data meeting one or more criteria is included or represented in adjusted data (e.g., a whitelist). Additionally or alternatively, lenses may be exclusive, such as a lens indicating that data meeting one or more criteria is excluded from or unrepresented in adjusted data (e.g., a blacklist).
- a lens may include one or more modification instructions, wherein portions of the secured data are modified based on the modification instructions.
- modification instructions include (without limitation) expert rules, mathematical operations, combination of the data with additional data, or any other suitable modification instruction.
- a particular lens can include filter criteria or modification instructions that are directed to a particular type of modification.
- lens types include (without limitation) user preference, anonymization, data abstraction, time decay, data weighting, data confidence, data equivalence, data granularity, regulatory requirements, categorical, transactional, or any other suitable category of modification by which adjusted data may be generated.
- Lenses may be used together, such that the adjusted data is generated based on multiple lenses.
- a lens may indicate an additional lens to perform a modification of secured data. For example, based on an instruction in a user preference lens, the access module may determine that the secured data is to be anonymized. In addition, the access module may select an anonymization lens and apply the anonymization lens to the secure data.
- a user preference lens may include filter criteria or modification instructions that indicate a preference instruction provided by a user, such as a customer who is using the requestor system.
- the user may provide the preference instruction via, for example, a user interface (e.g., graphical interface, voice interface, text interface) on a computing device (e.g., a personal computer, a smartphone, a voice-activated virtual assistant).
- the preference instruction is provided via a data curation assistant system.
- Adjusted data that is generated based on the user preference lens may omit, include, or modify portions of the secured data (or a granular representation of the secured data) as indicated by the preference instruction.
- An anonymity lens may include filter criteria or modification instructions that anonymize a portion of the secured data.
- the anonymity lens may include filter criteria to omit sensitive data, such as PII or financial account information.
- the anonymity lens may include modification instructions that modify the secured data such that sensitive data is withheld, such as by obscuring (e.g., blurring, hashing, redacting) the sensitive data.
- the sensitive data is withheld while a context of the sensitive data is provided (e.g., describing a quantity of credit card transactions while obscuring associated account numbers).
- a granularity lens may include filter criteria or modification instructions that indicate a granularity (e.g., a level of detail) for some or all of the secured data.
- the granularity lens may include criteria or instructions indicating a level of detail for a portion of the secured data.
- the granularity lens may include filter criteria to generate a high-granularity representation of a first portion of the secured data, such as a highly detailed representation of a relatively large quantity of data (e.g., several thousand records from a database).
- the high-granularity representation includes secured data that is considered raw data (e.g., generated data that is unchanged subsequent to generation).
- the granularity lens may include filter criteria to generate a low-granularity representation of a second portion of the secured data, such as a low-detail representation of a relatively small quantity of data (e.g., a dozen records from a database).
- the low-granularity representation includes a single number or text item that summarizes the secured data.
- a low-granularity representation of the sensitive data is provided while a high-granularity representation is withheld.
- An abstraction lens may include filter criteria or modification instructions that indicate a categorical modification to the secured data.
- the abstraction lens may include criteria or instructions by which types of information in the secured data are categorized (e.g., employment data, education data, lifestyle data).
- the abstraction lens may include criteria or instructions by which a characteristic of the secured data is modified. For example, based on the abstraction lens, the access module determines dates and a range of time associated with the secured data. Based on the dates and the range of time, the access module may generate extrapolated data or interpolated data. For example, the access module may determine that the secured data describes a series of transactions occurring on different dates over a range of two months. In addition, the access module may interpolate the data to a target time range that is less than the associated range of time, or extrapolate the data to a target time range that is greater than the associated range of time.
- a geographical equivalence lens may include filter criteria or modification instructions that indicate similarities between data associated with a first geographical region and adjusted data associated with a second geographical region.
- the access module may generate adjusted data based on equivalencies indicated by the geographical equivalence lens.
- a university in a geographical location e.g., a country
- the geographical equivalence lens may include expert rules capable of determining a similarity between the university and another university in another location (e.g., another country).
- secured data describing a degree received from the university may be modified to describe the similarity with a degree received from the other university.
- the geographical equivalence lens may indicate other types of geographical equivalence, such as equivalences based on cost of living, standard of living, employment information (e.g., a company having characteristics such as average salary or prestige of employment), or any other suitable geographical characteristic.
- a regulatory lens may include filter criteria or modification instructions that indicate a data modification based on legal or regulatory requirements (e.g., for a geographical region or other jurisdiction).
- the access module may generate adjusted data based on information included in the regulatory lens. For example, the access module may generate data that omits a portion of the data that is prohibited for use in generating a classification recommendation, and include another portion of the data that is permitted for use in generating the classification.
- the access module may apply an additional modification, such as emphasizing a portion of the data that is associated with a regulatory incentive (e.g., public health initiatives, tax benefits).
- a time decay lens may include filter criteria or modification instructions that indicate a data modification based on time.
- the access module may generate adjusted data based on a date, a time range, or other types of time-related information included in the secured data. For example, the access module may generate adjusted data that includes financial transactions occurring within the most recent seven years and omits transactions occurring longer ago than seven years. In addition, the access module may generate adjusted data that emphasizes a medical event occurring within the most recent year and deemphasizes another medical event occurring ten years ago.
- a weighting lens may include filter criteria or modification instructions that indicate a weight or emphasis placed on a portion of the secured data. Based on the weighting lens, the access module may assign weights to different types of data described by the secured data, such as time-sensitive data. For example, a medical event occurring within the most recent year may be assigned a higher weight than a medical event occurring ten years prior.
- a data confidence lens may include filter criteria or modification instructions that indicate whether a portion of the secured data has a given confidence level. For example, self-reported data based on self-reported information from a customer may have a relatively low confidence level (e.g., the customer may choose to misrepresent the information).
- validated data based on validated information e.g., information provided by the customer, but verified by a third party
- decision data based on decision information (e.g., from a third-party computing system that has previously generated a classification recommendation for the customer) may have a confidence level higher than the validated data.
- originator data based on original information may have a confidence level higher than the decision data.
- a confidence in provided data may be derived based on a quality assessment of data previously supplied by a same provider.
- the access module may modify different types of data described by the secured data, such as self-reported data.
- a categorical lens may include filter criteria or modification instructions that indicate a category, such as a category of secured data or a user associated with the secured data, based on a portion of the secured data. For example, filter criteria in a categorical lens may indicate that the portion of secured data describes a user who is self-employed. In some cases, a categorical lens may indicate data that fits a described category (e.g., a whitelist). Additionally or alternatively, a categorical lens may indicate data that falls outside a described category (e.g., a blacklist).
- Examples of categories described by a categorical lens include (without limitation) employment (e.g., self-employed, commission-based employment), lifestyle (e.g., renter, homeowner, pet owner, prefers outdoor exercise), education (e.g., highest degree earned, alma mater), familial status, or any other suitable category.
- Adjusted data that is generated based on the categorical lens may omit, include, or modify portions of the secured data (or a granular representation of the secured data) that fit a described category.
- a transactional lens may include filter criteria or modification instructions that indicate relationships between interactions, such as monetary interactions performed by a user associated with the secured data.
- the access module may generate adjusted data based on the indicated relationships between transactional data.
- the transactional lens may include expert rules capable of determining a similarity between multiple transactions. For example, the similarity may be determined between multiple transactions performed by the user (e.g., across a range of time, across geographical locations), or based on transactions performed by multiple users (e.g., associated with respective portions of secured data), or on a combination of transactions (e.g., by various users, at various times, at various locations).
- secured data describing one or more transactions performed by a user may be modified to describe a similarity with additional transactions (e.g., by the user, by additional users).
- the secured data describing the one or more transactions may be modified to describe a probability associated with the one or more transactions, such as a probability describing a likelihood of performing an additional transaction of a particular type, a probability describing a risk of non-payment of a monetary transaction, or other suitable probabilities associated with transactions.
- any combination of the lens types may be used to generate adjusted data.
- the access module may apply a combination of a data confidence lens and a weighting lens to remove a first portion of the data (e.g., having a low confidence value) and to assign a range of weights to a second portion of the data (e.g., having medium to high confidence values).
- the access module may apply a combination of a user preference lens and an anonymity lens to determine a user's preferred level of anonymity and to anonymize a portion of the data based on the user's preferred level.
- the access module may apply a combination of an abstraction lens, a regulatory lens, and a time decay lens to determine one or more abstract categories of the data (e.g., medical information, financial information), remove a portion of the data that is prohibited for use in generating a classification recommendation (e.g., remove medical information), and to modify another portion of the data based on a time range (e.g., retain financial information from the most recent seven years, remove financial information older than seven years).
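
The flow described above (a sequential combination of lenses producing adjusted data, served through a second interface until a time period or a quantity of access events completes, then disabled and deleted) can be sketched as follows. This is an added example, not code from the patent: the names `TimedAccess`, `regulatory_lens`, `time_decay_lens` and `anonymity_lens`, the record fields, and the choice of a keyed HMAC for obscuring account numbers are all assumptions, and the sample records are constructed.

```python
import copy
import hashlib
import hmac
import secrets
import time
from datetime import date

# Assumption: a lens is modelled as a function, list of records -> adjusted list.

def _years_ago(d, years):
    try:
        return d.replace(year=d.year - years)
    except ValueError:                      # 29 Feb mapped into a non-leap year
        return d.replace(year=d.year - years, day=28)

def regulatory_lens(prohibited):
    """Filter criterion: drop categories prohibited for the recommendation."""
    return lambda recs: [r for r in recs if r["category"] not in prohibited]

def time_decay_lens(today, max_age_years):
    """Filter criterion: keep only records from the most recent N years."""
    cutoff = _years_ago(today, max_age_years)
    return lambda recs: [r for r in recs if r["date"] >= cutoff]

def anonymity_lens(key):
    """Modification instruction: replace account numbers with keyed tokens.

    HMAC under a per-session key is used instead of a bare hash, because
    account numbers are short enough to recover from a plain hash by
    enumeration. Transaction counts per account stay visible (context kept).
    """
    def apply(recs):
        out = []
        for r in recs:
            r = dict(r)                     # never mutate the secured record
            mac = hmac.new(key, r["account"].encode(), hashlib.sha256)
            r["account"] = mac.hexdigest()[:12]
            out.append(r)
        return out
    return apply

class AccessExpired(Exception):
    """Raised when the requestor reads after the access period completed."""

class TimedAccess:
    """Requestor-facing interface serving adjusted data for a bounded period."""

    def __init__(self, secured, lenses, ttl_seconds=None, max_reads=None,
                 clock=time.monotonic):
        if ttl_seconds is None and max_reads is None:
            raise ValueError("refusing to open an unbounded access period")
        self._clock = clock
        self._deadline = None if ttl_seconds is None else clock() + ttl_seconds
        self._reads_left = max_reads
        adjusted = secured
        for lens in lenses:                 # sequential combination of lenses
            adjusted = lens(adjusted)
        self._adjusted = adjusted           # only the lens-chain output is stored
        self.enabled = True

    def _period_complete(self):
        timed_out = self._deadline is not None and self._clock() >= self._deadline
        used_up = self._reads_left is not None and self._reads_left <= 0
        return timed_out or used_up

    def read(self):
        # Expiry is checked lazily on each read; a deployed service would also
        # run an active timer so teardown happens without a further request.
        if not self.enabled or self._period_complete():
            self.close()
            raise AccessExpired("access period complete")
        data = copy.deepcopy(self._adjusted)
        if self._reads_left is not None:
            self._reads_left -= 1
            if self._reads_left == 0:
                self.close()                # last permitted access event
        return data

    def close(self):
        """Disable the interface and drop the adjusted data.
        Dropping the reference is not a secure memory wipe."""
        self.enabled = False
        self._adjusted = None

SAMPLE = [  # constructed sample records, not real data
    {"category": "financial", "date": date(2023, 5, 1), "account": "4000123412341234", "amount": 120.0},
    {"category": "financial", "date": date(2012, 3, 9), "account": "4000123412341234", "amount": 75.5},
    {"category": "medical", "date": date(2024, 1, 15), "account": "9900112233", "amount": 310.0},
    {"category": "financial", "date": date(2024, 2, 2), "account": "4000999988887777", "amount": 42.0},
]

def demo():
    now = [0.0]                             # fake clock for a deterministic run
    lenses = [regulatory_lens({"medical"}),
              time_decay_lens(date(2024, 6, 1), 7),
              anonymity_lens(secrets.token_bytes(32))]
    session = TimedAccess(SAMPLE, lenses, ttl_seconds=60, max_reads=2,
                          clock=lambda: now[0])
    first = session.read()                  # inside the period: adjusted data
    now[0] = 61.0                           # the time period completes
    try:
        session.read()
        expired = False
    except AccessExpired:
        expired = True
    return first, expired, session
```
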
- the access module 110 determines one or more attributes based on the secured data 330 .
- An attribute may be generated based on mathematical analysis of the secured data 330 .
- the access module 110 may generate an attribute indicating a financial metric (e.g., a debt-to-income ratio).
- the access module 110 may include the financial metric attribute in the adjusted data 310 , such that the requestor system 160 may access the financial metric attribute via the access interface 150 during the time period.
- the access module 110 may prevent the requestor system 160 from accessing the data on which the financial metric attribute is based.
- an attribute may be generated based on patterns, such as behavioral patterns, determined in the secured data 330 .
- an attribute may be identified by a user, such as an indication received from a user of a characteristic of the user (e.g., family-oriented, prefers outdoor exercise).
- An attribute may be associated with a profile of the user, such as a profile created by the user to indicate permissions associated with the user's data.
- attributes may indicate an equivalency of data.
- An equivalency may indicate a relationship between multiple portions of data, such as between secured data and requested data.
- the requestor system 160 may request financial information, such as information related to the cost of living for a person.
- the requestor system 160 may request the financial information in relation to a first financial currency and a first country (or other geographical region).
- the secured data 330 may include information about the person's cost of living in a second country with a second currency.
- the access module 110 may generate an attribute indicating an equivalence between the secured data 330 and the information requested by the requestor system 160 .
- the attribute may be based on the secured data 330 , and one or more lenses related to data equivalence, such as lenses including currency exchange ratios, standards of living for geographical regions, cost of living for geographical regions, or other suitable types of data equivalence.
- the adjusted data 310 may include an attribute indicating a cost of living in the first country (e.g., the requested information) and omit data describing a cost of living in the second country (e.g., the information available in the secured data 330 ).
- equivalency attributes may be generated by the access module 110 , such as equivalency of educational history (e.g., prestige of a degree), employment history (e.g., relative size or worth of companies), lifestyle (e.g., ownership of a car, family size).
- attributes may be generated based on domain knowledge of established rules (e.g., currency exchange rates).
- attributes may be generated (or modified) based on machine learning algorithms. For example, an attribute related to a cost of living may be generated based on domain knowledge describing average income and currency exchange rates.
- the attribute may be generated based on machine learning algorithms that determine a prestige associated with a lifestyle choice (e.g., a two-bedroom apartment may be considered minimal in one region, but luxurious in another region).
- a score may be determined based on one or more attributes, such as equivalency attributes or financial metric attributes.
- the score may be determined based on a trust associated respectively with each attribute.
- the attributes are weighted, such as with a weight respectively indicating a relative importance of each attribute.
- the score is determined based on the example Equation 1. However, other implementations are possible.
- a score S may be determined as a function f of attributes A, trust factors T, and weights W.
- the vector A may represent a vector of attributes, such as a vector $\{a_1, a_2, a_3, \ldots, a_n\}$ which includes the attributes $a_1$ through $a_n$.
- the vector T may represent a vector of trust factors, such as a vector $\{t_1, t_2, t_3, \ldots, t_n\}$ which includes the trust factors $t_1$ through $t_n$.
- the vector W may represent a vector of weights, such as a vector $\{w_1, w_2, w_3, \ldots$
- each respective one of the trust factors $t_1$ through $t_n$ is associated with a respective one of the attributes $a_1$ through $a_n$.
- each respective one of the weights $w_1$ through $w_n$ is associated with a respective one of the attributes $a_1$ through $a_n$.
- the trust factor $t_1$ and the weight $w_1$ may each be associated with the attribute $a_1$.
- the function f may be determined based on domain knowledge, such as rules based on prior experience with one or more of the attributes A.
- the function f may be determined based on machine learning algorithms, such as algorithms that learn a relationship between a particular attribute, the trust factor and weight associated with the particular attribute, and an observed historical outcome associated with the particular attribute (e.g., a lending outcome).
- the access module 110 may generate a score.
- the score may be included in the adjusted data 310 , and the requestor system 160 may access the score, such as via access interface 150 .
- the score may represent information requested by the requestor system 160 , or equivalent data to the requested information. For example, if the requestor system 160 requests information in relation to a first currency and a first geographical region, but the secured data 330 includes information related to a second currency and a second geographical region, the access module 110 may generate a score indicating an equivalence between the secured data 330 and the information requested by the requestor system 160 .
- a score may be associated with a profile of a user.
- a score based on attributes may be compared to one or more additional metrics related to a user. For example, a score based on attributes associated with a user may be compared to a credit score for the same user. A combined score may be generated based on the comparison.
- the attribute score (or credit score) may be modified based on the credit score (or attribute score).
- the access module 110 (or another computing system) generates a reason code indicating why a particular attribute score (or combined score) was generated. The reason code may be included in the adjusted data 310 .
- a user may interact with his or her personal information, such as secured data or PII, via a requestor system.
- a customer may use a data curation assistant system that is capable of providing or requesting information related to the customer's personal information.
- one or more of secured data that includes the customer's personal information, or a lens that indicates an instruction provided by the customer may be modified based on information provided or received by the data curation assistant system.
- the customer may interact with personal credit information via a data curation assistant system, such as by adding or removing information from secured data that includes the personal credit information.
- FIG. 4 depicts an example of a computing system 400 via which a user may interact with personal information.
- the user may interact with the personal data via a data curation assistant system 460 .
- the data curation assistant system 460 may be included, for example, in an application that is executed on a personal computing device (e.g., a smartphone, a tablet, a personal computer).
- the data curation assistant system 460 may be provided by an additional computing system, such as a service provided by a remote server, such that the data curation assistant system 460 is accessible via a web browser or a voice-activated virtual assistant.
- a data curation assistant system 460 may receive inputs from a user, or provide outputs to the user, such as via a user interface 465 that is included in the data curation assistant system 460 .
- the user interface 465 may receive or provide inputs or outputs via a suitable input or output device, such as a keyboard, mouse, display screen, touchscreen, microphone, speaker, camera, accelerometer, biometrics (e.g., fingerprint scanner), or any other suitable device.
- the user interface 465 may receive or provide inputs or outputs via an electronic technique, such as a text message, an email, a data object transmitted via one or more networks, or any other suitable technique.
- the user interface 465 may receive or provide inputs or outputs related to identification or security, such as inputs verifying an identity of the user.
- the user may request information via the user interface 465 , such as a request for information stored in the data repository 140 a .
- the user may request information that is included in a secured profile 430 that is stored in the data repository 140 a .
- the secured profile 430 may include sensitive information that is stored on behalf of the user, such as (without limitation) PII, financial information, credit history, employment history, educational history, spending patterns, medical information, or any other type of sensitive information associated with the user.
- the sensitive information may be provided by the user (e.g., self-reported), or provided by an additional computing system (e.g., reported by medical or financial institutions), or a combination of these sources.
- the data curation assistant system 460 provides an information request 461 based on one or more inputs received via the user interface 465 .
- the information request 461 may include a request to modify the secured profile 430 , such as by adding, removing, or changing data stored in the secured profile 430 , or a request to modify one or more lenses that are associated with the secured profile 430 , or both.
- the information request 461 is generated by the data curation assistant system 460 based on an analysis of inputs to the user interface 465 . For example, based on analysis of the inputs, the data curation assistant system 460 may identify one or more modifications, and generate the information request 461 that includes the identified modifications.
- the user may determine that he or she is expecting to purchase a new car.
- the user may provide one or more inputs to the data curation assistant system 460 indicating that he or she is interested in receiving information about car models, car reliability, and options for financing a vehicle.
- the data curation assistant system 460 may analyze the inputs and identify, based on the analysis, a first modification that modifies the secured profile 430 , such as by adding financial data (e.g., savings or banking information) to the secured profile 430 .
- the first modification indicates that the added financial data is high-granularity data (e.g., highly detailed records describing saving patterns of the user).
- the data curation assistant system 460 may identify, based on the analysis, a second modification that modifies a user preference lens 422 that is associated with the secured profile 430 , such as by allowing requestor systems associated with car companies or financial lenders to request information included in the secured profile 430 (e.g., to provide an offer that is appropriate to the user's interest in purchasing a car).
- the second modification indicates that the requestor systems are allowed to request low-granularity data (e.g., a low-detail summary of a portion of data from the secured profile 430 ).
- the information request 461 generated by the data curation assistant system 460 may include an instruction 461 a indicating the first modification and an instruction 461 b indicating the second modification identified by the data curation assistant system 460 .
- the information request 461 may be generated based on an additional input by the user, such as an input indicating the user's agreement to the modifications identified by the data curation assistant system 460 .
- the access module 110 may receive the information request 461 from the data curation assistant system 460 , via the access interface 150 .
- the information request 461 may indicate, based on the included instructions 461 a and 461 b , the first and second modifications.
- the access module may generate an access request 411 based on the instruction 461 a , and provide the access request 411 to the data repository 140 a , via the access interface 140 a .
- the data repository 140 a may perform the first modification, such as by adding the financial data to the secured profile 430 .
- the financial data (or other information for a requested modification) may be included in the access request 411 .
- the financial data (or other information) may be received from an additional computing system, such as from a banking institution indicated by the access request 411 .
- the access module 110 may modify the user preference lens 422 based on the instruction 461 b. For example, the access module 110 may update a preference instruction indicated by the user preference lens 422 .
- the updated preference instruction may allow requestor systems associated with car companies or financial lenders to request information included in the secured profile 430 .
- a requestor system associated with a car company may receive adjusted data (e.g., adjusted data 310 described in regard to FIG. 3 ) that represents a portion of the secured profile 430 .
- a requestor system associated with a commercial vehicle company may receive adjusted data that does not represent the secured profile 430 .
- the access module 110 may generate adjusted data 410 based on information associated with one or more of the first and second modifications.
- the adjusted data 410 may be generated based on information confirming the performed modifications, such as a confirmation of the first modification (e.g., received from the data repository 140 a ), or of the second modification (e.g., received from the lens 422 , or a computing system storing the lens 422 ).
- the adjusted data 410 may be provided to the data curation assistant system 460 via the access interface 150 .
- the data curation assistant system 460 may provide an indication of the completed modifications based on the adjusted data 410 , such as a confirmation message displayed via the user interface 465 .
- the adjusted data 410 is available to the data curation assistant system 460 during a time period indicated by the timer 115 , such as a time period associated with a secured network session on the data curation assistant system 460 .
- the data curation assistant system 460 may generate additional information requests to further modify the secured profile 430 or associated lenses. For example, and not by way of limitation, the user may decide that he or she will not be purchasing a new car. The user may provide additional inputs to the data curation assistant system 460 indicating the decision. Responsive to the additional inputs, the data curation assistant system 460 may generate an additional information request that includes a modification to the secured profile 430 , such as removing the added financial data, and a modification to the user preference lens 422 , such as by updating a preference instruction to prevent requestor systems from accessing the secured profile 430 .
- the user may control an amount and/or type of data included in the secured profile 430 via the data curation assistant system 460 .
- the user may control an amount and/or type of requestor systems that may request information included in the secured profile 430 .
- the data curation assistant system 460 may increase security of sensitive information included in the secured profile 430 .
- the user may experience a greater sense of satisfaction or peace of mind by controlling the secured profile 430 via the data curation assistant system 460 .
- FIG. 5 is a block diagram depicting a computing system capable of controlling access to data, according to certain implementations.
- the depicted example of an access control system 501 includes one or more processors 502 communicatively coupled to one or more memory devices 504 .
- the processor 502 executes computer-executable program code or accesses information stored in the memory device 504 .
- Examples of processor 502 include a microprocessor, an application-specific integrated circuit (“ASIC”), a field-programmable gate array (“FPGA”), or other suitable processing device.
- the processor 502 can include any number of processing devices, including one.
- the memory device 504 includes any suitable non-transitory computer-readable medium for storing the access module 110 , the timer 115 , the lens selector module 320 , the adjusted data 310 , and other received or determined values or data objects.
- the lenses 120 or one or more of the selected lenses 322 , 324 , or 326 may be stored on the memory device 504 .
- the computer-readable medium can include any electronic, optical, magnetic, or other storage device capable of providing a processor with computer-readable instructions or other program code.
- Non-limiting examples of a computer-readable medium include a magnetic disk, a memory chip, a ROM, a RAM, an ASIC, optical storage, magnetic tape or other magnetic storage, or any other medium from which a processing device can read instructions.
- the instructions may include processor-specific instructions generated by a compiler or an interpreter from code written in any suitable computer-programming language, including, for example, C, C++, C#, Visual Basic, Java, Scala, Python, Perl, JavaScript, and ActionScript.
- the memory device 504 may be accessed by the access control system 501 . In some cases, the memory device 504 may be accessed via an enabled access interface, such as the access interfaces 150 a , 150 b , 150 c , or 150 .
- the access control system 501 may also include a number of external or internal devices such as input or output devices.
- the access control system 501 is shown with an input/output (“I/O”) interface 508 that can receive input from input devices or provide output to output devices.
- a bus 506 can also be included in the access control system 501 .
- the bus 506 can communicatively couple one or more components of the access control system 501 .
- the access control system 501 executes program code that configures the processor 502 to perform one or more of the operations described above with respect to FIGS. 1-3 .
- the program code includes operations related to, for example, one or more of the access module 110 , the timer 115 , the lens selector module 320 , the adjusted data 310 , or other suitable applications or memory structures that perform one or more operations described herein.
- the program code may be resident in the memory device 504 or any suitable computer-readable medium and may be executed by the processor 502 or any other suitable processor.
- the program code described above, the access module 110 , the timer 115 , the lens selector module 320 , and the adjusted data 310 are stored in the memory device 504 , as depicted in FIG. 5 .
- one or more of the access module 110 , the timer 115 , the lens selector module 320 , the adjusted data 310 , and the program code described above are stored in one or more memory devices accessible via a data network, such as a memory device accessible via a cloud service.
- the memory devices accessible via the data network may be secured memory devices, such that access to the adjusted data 310 is controlled by the access control system 501 .
- the access control system 501 depicted in FIG. 5 also includes at least one network interface 510 .
- the network interface 510 includes any device or group of devices suitable for establishing a wired or wireless data connection to one or more data networks 512 .
- Non-limiting examples of the network interface 510 include an Ethernet network adapter, a modem, and/or the like.
- one or more of the access interfaces 150 a , 150 b , 150 c , or 150 are implemented via the network interface 510 .
- Additional computing systems such as the requestor system 160 , data repositories 530 (such as the data repositories 130 a , 130 b , and 130 c ), or a computing system including one or more of the lenses 120 can be connected to the access control system 501 via network 512 , and the additional computing systems may perform some of the operations described herein, such as providing secured data 330 ; providing a selected lens 322 , 324 , or 326 ; or providing the information request 161 .
- the access control system 501 is able to communicate with one or more of requestor system 160 , data repositories 530 , or a computing system including one or more of the lenses 120 the remote computing system 515 using the network interface 510 (such as via one or more of the access interfaces 150 a , 150 b , 150 c , or 150 ).
- Although FIG. 5 depicts the lenses 120 as accessible to the access control system 501 via the networks 512 , other implementations are possible, including the lenses 120 being stored in the memory device 504 of access control system 501 .
- a computing device can include any suitable arrangement of components that provides a result conditioned on one or more inputs.
- Suitable computing devices include multipurpose microprocessor-based computer systems accessing stored software that programs or configures the computing system from a general purpose computing apparatus to a specialized computing apparatus implementing one or more implementations of the present subject matter. Any suitable programming, scripting, or other type of language or combinations of languages may be used to implement the teachings contained herein in software to be used in programming or configuring a computing device.
- Implementations of the methods disclosed herein may be performed in the operation of such computing devices.
- the order of the blocks presented in the examples above can be varied—for example, blocks can be re-ordered, combined, and/or broken into sub-blocks. Certain blocks or processes can be performed in parallel.
Description
- The present disclosure claims priority to U.S. provisional application Ser. No. 62/672,189 for “Controlling Access to Secured Data Via Timed Filtering of Data,” filed May 16, 2018, and to U.S. provisional application Ser. No. 62/740,650 for “Controlling Access to Multi-Granularity Data,” filed Oct. 3, 2018, each of which is incorporated by reference herein in its entirety.
- This disclosure relates generally to the field of data security, and more specifically relates to controlling access to secured data.
- Information requestor systems may request data related to a user, and generate a classification recommendation of the user based on analysis of the requested information. The classification may indicate, for example, a recommendation in response to an expert query. The data that is requested may include secured data, including secured data that is available to the requestor system for a limited amount of time. In some cases, the requested data may include secured data from multiple sources with different access policies or permissions. A conventional requestor system may retain data that is provided to it, creating a security vulnerability that could be attacked or exploited by malicious actors. Furthermore, retention of the data by the conventional requestor system could be inconsistent with the access policy of the source. If the conventional system accesses multiple sources of data with various access policies, some of the access policies may prevent the conventional system from using the data. To be compliant with the access policies of the multiple data sources, the conventional requestor system may generate a less accurate classification, based on only some of the requested data.
- According to certain implementations, an access control system receives, from a requestor system, a request for information. The request represents secured data that is stored by a secured source. The access control system provides the request to the secured source via a first access interface, and receives, from the secured source, the secured data and an identified time period. The access control system selects a portion of the secured data based on one or more lenses including a filter criteria or a modification instruction. In addition, the access control system generates adjusted data that comprises the requested information and a modification of the selected portion of data. The modification is based on the one or more lenses and the selected portion of data. The access control system provides the adjusted data via a second access interface, such as to the requestor system. In some cases, upon completion of the identified time period, the access control system prevents the requestor system from accessing the adjusted data, by disabling the second access interface. In addition, the access control system deletes the adjusted data from a local memory device, and disables the first access interface.
- These illustrative aspects are mentioned not to limit or define the disclosure, but to provide examples to aid understanding thereof. Additional aspects are discussed in the Detailed Description, and further description is provided there.
- Features, implementations, and advantages of the present disclosure are better understood when the following Detailed Description is read with reference to the accompanying drawings, where:
- FIG. 1 is a block diagram depicting an example of a computer system for controlling access to secured data, according to certain implementations;
- FIG. 2 is a flow chart diagram depicting an example of a process for controlling access to secured data, according to certain implementations;
- FIG. 3 is a diagram depicting an example of a system that may apply lenses to modify secured data, according to certain implementations;
- FIG. 4 is a diagram depicting an example of a computer system by which a user may interact with personal data, according to certain implementations; and
- FIG. 5 is a block diagram depicting an example of a computing system for implementing an access control system, according to certain implementations.
- According to certain implementations, an access module may control access to secured data received from multiple sources. The access module may enable (or disable) access interfaces to additional computing systems, such as a data repository that stores secured data, or a requestor system that requests information from the secured data. The access module may also use lenses to modify the secured data. Modifications may be based on an access policy associated with the data repository. For example, the access module may generate adjusted data that includes the requested information, but modifies or omits other portions of the secured data, based on one or more of the lenses. The access module may allow the requestor system to access the adjusted data, but not the secured data. In some cases, the adjusted data may be available to a requestor system for a limited amount of time. In addition, the adjusted data may be deleted (or otherwise withheld) from the requestor system after the period of time is completed. An access module that is located remotely from a requestor system may improve security by reducing opportunities for inappropriate modification (e.g., hacking) by the requestor system. In addition, the remote location of the access module may improve security for the secured data, by leveraging the access module's ability to generate adjusted data without permitting the requestor system access to a source of secured data that is being adjusted.
- As discussed above, prior techniques for providing data to a requestor system do not adequately protect sensitive information represented by secured data. In addition, the data that is analyzed may include large quantities of sensitive types of information, such as employment history, educational information, financial information, or medical history. Conventional requestor systems may request the sensitive information to generate an accurate classification. However, the classification recommendation may be considered inappropriate by a person associated with the sensitive information. If the requestor system has access to secured data representing all of the person's sensitive information, the person may consider the generated recommendation an invasion of privacy. As a result, secured data may not be used to its fullest extent in a conventional system.
- By contrast, an access control computing system may mediate information requests and responses between additional computing systems, such as the requestor system and the data repository. By establishing a network configuration that causes both information requests and responses to the requests to be received by a separate computing system, such as the access control system, the security of any sensitive data (e.g., in response to the information requests) is improved. For example, using a network architecture that includes three computing systems (e.g., the requestor system, the access control system, and the data repository) may separate the requestor system from the data repository, and limit access to secured data stored on the repository. Certain implementations described herein provide for protecting sensitive information by controlling access to secured data that represents the sensitive information.
- In some implementations, the access control system may determine attributes based on the secured data. For example, an attribute may be generated by the access control system based on a lens that is applied to the secured data. The attribute may indicate an equivalency between the requested data and the secured data, such as an equivalency between geographical regions, financial metrics, employment or education information, or other types of variables. In some cases, the access control system may generate a score associated with the attributes, such as a score based on multiple weighted attributes and a relative trust of each attribute.
- The following examples are provided to introduce certain implementations of the present disclosure. For example, a requestor system requests secured information, such as to generate a classification recommendation for a user based on analysis of the secured information. The request may be received by an access module, which may determine one or more types of secured information associated with the request. The access module may provide an access request to a third-party system, such as a data repository, that securely stores one (or more) of the types of secured information. In response to the access request, the third-party system may enable the access module to access the stored secured information during a period of time. In addition, the access module may implement a timer for the period of time. Upon completion of the period of time, the access module may have limited or no access to the secured information stored by the third-party system. As the requestor system does not retain the data, or maintain any access to the data, security is improved by reducing a number of computing systems that have access to the data.
- In addition, the access module may allow the requestor system to access adjusted data that is based on the secured data. For example, the access module may select portions of the secured data according to a lens indicating one or more filter criteria, and allow the requestor system to access the filtered data. In addition, the access module may generate adjusted data based on the secured data and the lens, such as adjusted data that omits sensitive or private information, and allow the requestor system to access the adjusted data. The access module may also generate one or more attributes based on either the secured data or the adjusted data, and provide the attributes or a related score to the requestor system. In some cases, the access module may allow the requestor system to access the adjusted data (e.g., filtered data, modified data) or scored attributes during the period of time. In addition, the access module may prevent the requestor system from accessing the secured data stored with the third-party system.
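The flow described above (a lens selects and modifies secured data, and the requestor can read only the adjusted data while the timer runs), as an added Python sketch that is not code from the patent. The class and field names, the income-band modification, the constructed sample record, and the choice to enforce the timer on each read are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, Optional


class AccessDenied(Exception):
    """The requestor-facing (second) access interface is disabled."""


@dataclass(frozen=True)
class Lens:
    allowed_fields: FrozenSet[str]  # filter criteria: fields that may be selected
    # modification instructions: field name -> function returning a coarser value
    modifiers: Dict[str, Callable[[Any], Any]] = field(default_factory=dict)

    def apply(self, secured: Dict[str, Any]) -> Dict[str, Any]:
        adjusted = {}
        for name in self.allowed_fields:
            if name in secured:  # fields outside the filter are never copied
                modify = self.modifiers.get(name)
                adjusted[name] = modify(secured[name]) if modify else secured[name]
        return adjusted


def income_band(amount: float) -> str:
    """Hypothetical modification: replace an exact income with a band."""
    if amount < 30_000:
        return "under 30k"
    if amount < 80_000:
        return "30k-80k"
    return "80k and over"


class AccessModule:
    def __init__(self, clock: Callable[[], float]):
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._adjusted: Optional[Dict[str, Any]] = None
        self._expires_at = 0.0
        self.repository_interface_enabled = False  # first access interface
        self.requestor_interface_enabled = False   # second access interface

    def load(self, secured: Dict[str, Any], period_seconds: float, lens: Lens) -> None:
        """Receive secured data and its time period; retain only adjusted data."""
        self.repository_interface_enabled = True
        self._adjusted = lens.apply(secured)  # the raw record is not stored
        self._expires_at = self._clock() + period_seconds  # start the timer
        self.requestor_interface_enabled = True

    def enforce_timer(self) -> None:
        """On completion of the period: disable access, delete adjusted data."""
        if self._adjusted is not None and self._clock() >= self._expires_at:
            self.requestor_interface_enabled = False
            self._adjusted = None
            self.repository_interface_enabled = False

    def read(self) -> Dict[str, Any]:
        self.enforce_timer()
        if not self.requestor_interface_enabled:
            raise AccessDenied("time period completed or no data loaded")
        return dict(self._adjusted)  # copy, so callers cannot alter stored data

    def holds_data(self) -> bool:
        return self._adjusted is not None


class FakeClock:
    """Manually advanced clock used in place of time.monotonic for the demo."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def try_read(module: AccessModule) -> Optional[Dict[str, Any]]:
    try:
        return module.read()
    except AccessDenied:
        return None


# Constructed sample record; not real data.
SECURED_SAMPLE = {"name": "A. Example", "national_id": "000-00-0000",
                  "annual_income": 54_200, "region": "EU", "employer": "Example Ltd"}
DEMO_LENS = Lens(frozenset({"annual_income", "region"}),
                 {"annual_income": income_band})

if __name__ == "__main__":
    clock = FakeClock()
    module = AccessModule(clock)
    module.load(SECURED_SAMPLE, period_seconds=300, lens=DEMO_LENS)
    print("during period:", try_read(module))
    clock.now = 300.0
    print("after period: ", try_read(module), "| data held:", module.holds_data())
```

A deployment would also need `enforce_timer` driven by a scheduler, since checking only on read leaves the adjusted data in memory until the next request arrives.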
- Referring now to the drawings,
FIG. 1 depicts an example of acomputing environment 100 in which access to secured data may be controlled. In thecomputing environment 100, anaccess module 110 may control access to data that is stored in one or more ofdata repositories data repositories access module 110 may control the access of arequestor system 160 to the stored data, including the secured data. Security of the sensitive information may be improved, for example, by limiting access of therequestor system 160 to the secured data, such as by controlling access via theaccess module 110. - The
access module 110 may include one or more access interfaces. In some cases, each access interface may be associated with a particular computing system with which the access module communicates. For example, theaccess interface 150 may be associated with therequestor system 160, such that communications between theaccess module 110 and therequestor system 160 are enabled via theaccess interface 150. In addition, the access interfaces 140 a, 140 b, and 140 c may be respectively associated with thedata repositories access module 110 and thedata repositories - In addition, the
access module 110 may include one or more lenses, such aslenses 120. Each lens may include information, such as filter criteria or modification instructions, describing a modification that may be applied to data. In some cases, thelenses 120 include computer-executed code or other instructions, and perform operations to modify the data based on the code or instructions. In additional or alternative implementations, thelenses 120 indicate code or instructions that are stored elsewhere (e.g., in a memory device, in a storage device), such that theaccess module 120 performs the operations to modify the data based on the indications from thelenses 120. Based on thelenses 120, one or more of theaccess module 110 or thelenses 120 may generate adjusted data. In some cases, the adjusted data is generated based on secured data provided by one or more of thedata repositories - In an implementation, the
access module 110 receives a request for information, such as theinformation request 161 from therequestor system 160. Therequestor system 160 may request the information, for example, for the purpose of generating a classification recommendation as a response to an expert query, such as an expert query about (without limitation) a medical or employment decision. In addition, therequestor system 160 may request information that is related to a user of therequestor system 160, such as a customer that has requested the classification recommendation. In some cases, the information requested by therequestor system 160 may be secured data, such as data that describes personally identifiable information (“PII”), medical information, employment information, or any other type of sensitive data. - Based on the received request, the
access module 110 may determine a source for the requested information, such as one or more of thedata repositories access module 110 may determine that the requested information is stored by thedata repository 130 a. Theaccess module 110 may generate anaccess request 111 that indicates one or more of the requested information, an identification of theaccess module 110, an identification of therequestor system 160, or any other suitable access information. - The
access module 110 may provide the access request 111 to the data repository 130 a. In addition, the access module 110 may provide the access interface 140 a to the data repository 130 a. Providing the access interface 140 a may include one or more of enabling the interface 140 a; exchanging security information with the data repository 130 a; disabling any of the other access interfaces
- In some cases, responsive to receiving the
access request 111, the data repository 130 a may determine secured data that includes, or otherwise represents, the requested information. In addition, the data repository 130 a may establish a connection with the access module 110 via the access interface 140 a. In some cases, the connection between the data repository 130 a and the access module 110 may be enabled by one or more networks or additional computing systems. In addition, one or both of the data repository 130 a or the access module 110 may terminate the connection, for example, if correct security information is not exchanged or if the requested information is not available in the data repository 130 a. In some cases, if the connection is terminated, the access module 110 may temporarily or permanently disable the access interface 140 a.
- In an implementation, the
access module 110 may receive from the data repository 130 a the secured data that includes the requested information. In some cases, receiving the secured data may include one or more of creating a copy of the secured data in a local memory or storage device of the access module 110, or accessing, via the access interface 140 a, the secured data stored in a memory or storage device of the data repository 130 a.
- In addition, the
access module 110 may receive from the data repository 130 a data identifying a time period. The time period may indicate a time span during which the access module 110 may access the secured data. For example, the time period may indicate a duration of access time (e.g., a duration of five minutes). In addition, the time period may indicate one or more timestamps indicating a starting or ending point of the access time (e.g., until 09:00:00, between 15:00:00 and 15:03:00). Additionally or alternatively, the time period may indicate a quantity of events by which the access module 110 may access the secured data. For example, the time period may indicate a particular number of access events (e.g., access to the secured data is allowed on up to three occasions). In some cases, the time period indicates a combination of a duration and a quantity of events (e.g., access is allowed on up to six occasions, and no more than once per month). Responsive to receiving the time period, the access module 110 may activate a timer 115. The timer 115 may determine or otherwise track an amount of time remaining in the time period. Based on the time period, the access module 110 may perform one or more operations related to controlling access of the requestor system 160 to the secured data. Upon completion of the time period (e.g., at the end of a duration, after a quantity of events), the access module may perform one or more operations related to terminating access of the requestor system 160 to the secured data.
- In some implementations, the
access module 110 may access the secured data based on the time period. For example, the access module 110 may modify the secured data based on one or more of the lenses 120. The access module 110 may select a portion of the data based on filter criteria or modification instructions included in the lens. In addition, the access module may generate adjusted data that is based on the secured data and the modification(s) indicated by the lens. The adjusted data may include, or otherwise represent, the information requested by the requestor system 160. In some cases, the adjusted data may include one or more attributes generated by the access module 110, or a score related to the attributes. Additionally or alternatively, the adjusted data includes data having a granularity, such as a high-granularity representation that includes a relatively large quantity of data, such as several thousand records from a database, or a low-granularity representation that includes a relatively small quantity of data, such as a dozen records from a database. In some cases, the low-granularity representation includes a single number or text item that summarizes the secured data.
- In some cases, the
access module 110 selects a particular lens based on an indication from one or more of the requestor system 160, the data repository 130 a, or another one of the lenses 120. For example, the requestor system 160 may indicate a lens related to time decay (e.g., including data from the past two years, omitting data older than five years, weighting recent data more heavily than older data). In addition, the data repository 130 a may indicate another lens related to user preferences (e.g., omitting a user's name from the data). In addition, a particular one of the lenses may indicate another lens (e.g., the lens related to user preferences may indicate a lens related to anonymizing data, such as to anonymize the user's name). In some cases, the access module 110 selects a lens that modifies a granularity of the adjusted data, such as modifying high-granularity data into low-granularity adjusted data (or low-granularity data into high-granularity adjusted data). Additionally or alternatively, the selected lens modifies a granularity of a portion of the adjusted data, or modifies multiple granularities of respective portions of the adjusted data. For example, the adjusted data may be multi-granularity data that includes a first data portion having high granularity and a second data portion having low granularity.
- The
requestor system 160 may access the adjusted data via the access interface 150 during the time period. In some cases, the requestor system 160 may perform analysis of the adjusted data, such as to generate a recommendation in response to an expert query. Security and privacy may be increased for any sensitive information represented by the secured data, such as by allowing the requestor system to access the adjusted data instead of the secured data. In addition, the data may be used to its fullest extent.
- Upon completion of the time period, the
access module 110 may terminate, or otherwise reduce, access of the requestor system 160 to the adjusted data. For example, the access module 110 may modify a granularity of the adjusted data, such as modifying a high-granularity representation of the adjusted data into a low-granularity representation. Furthermore, the access module 110 may prevent the requestor system 160 from accessing the adjusted data by disabling the access interface 150. In addition, the access module 110 may remove the adjusted data, such as by deleting the adjusted data from the local memory or storage device of the access module 110. In addition, the access module 110 may remove any locally stored copies of the secured data, if such local copies had been created. In some cases, the access module 110 may disable the access interface 140 a. In some cases, the computing environment 100 may provide an architecture in which the access module is remotely located from the requestor system 160, or from the data repositories computing environment 100 may more easily limit access of the requestor system 160 to the adjusted data, such as by disabling the access interface 150.
- In some implementations, the
access module 110 may access data from multiple sources in response to a particular request for information. For example, the requestor system 160 may request information describing online transactions of multiple users. The access module may provide the access interfaces 140 a, 140 b, and 140 c to the respective data repositories data repositories access module 110 may access the respective secured data. One or more of the respective time periods may indicate a different amount of time (or different timestamps). The access module 110 may select one or more portions of the secured data, generate adjusted data based on the selected portion and one or more of the lenses 120, and enable access to the adjusted data via the access interface 150. For example, the access module 110 may select a portion of the secured data based on a user preference lens, remove some of the selected portion based on a time decay lens, and anonymize the remainder of the portion based on an anonymization lens. In addition, the access module may generate adjusted data based on the selected, time-adjusted, and anonymized data portion. The requestor system 160 may access the adjusted data based on the respective time periods (e.g., a duration of time, a quantity of access events). If one of the time periods expires (e.g., a time period received from data repository 130 c), the access module 110 may revise the adjusted data to omit data related to the expired time period (e.g., based on secured data from the data repository 130 c), and provide access to the revised adjusted data. In some cases, one or more of the data repositories access module 110 or the requestor system 160).
- In addition, the data may be classified, such as in an ontology of data. In some cases, the classification is based on one or more of the
lenses 120. For example, a lens may classify data into categories, such as based on a source of data (e.g., credit card purchasing data, bank savings history, borrowing data, educational history, employment history). In addition, a lens may aggregate data based on an abstraction of the data, such as a type (e.g., PII, financial, demographic, professional), a range of time, or any other suitable abstraction. In some cases, classification of data may be based on domain knowledge, such as classification into types based on previous expertise. In addition, classification of data may be based on machine learning algorithms or other automated techniques of classification. In some cases, an intended use of data may be used as the basis of a data classification.
- Data in the
data repositories
- In addition, data may be received by one or more computing systems operated by an entity that has a business relationship with a user (e.g., a customer of a company, a student of a university). Data may be gathered, for example, based on transactions, communications, received products (e.g., purchased items, grades or degrees received), or other interactions between the entity and the user during the business relationship. In some cases, such data related to business transactions may be accessible by the access module based on a permission granted by the user. For example, the user may be able to allow or prevent sharing of the transaction data (e.g., by granting or withdrawing a permission). In some implementations, the user could decide to allow sharing of the transaction data to improve accuracy of a recommendation generated by the
requestor system 160. For instance, the user could allow sharing of transaction data related to bank account daily transactions, educational history, and employment history, to improve accuracy of a recommendation related to a car loan application (e.g., to obtain more favorable loan terms). In some implementations, access to transaction data may be determined based in part on a lens indicating a permission granted (or withheld) by the user. Additionally or alternatively, access to transaction data may be determined based in part on a lens indicating a data granularity that is allowed (or disallowed) by the user.
- In addition, the data in the
data repositories access module 110, to create a profile. One or more lenses may be generated, for example, based on a profile determined by the user. The user may provide data related to personal interests, such as preferred business relationships, hobbies, medical conditions, news topics, or any other area of personal interest. In some cases, data related to personal interests may be accessible by the access module based on a permission granted by the user. In some implementations, the user could decide to allow sharing of the personal interest data to improve accuracy of a recommendation generated by the requestor system 160. For instance, the user could allow sharing of personal interest data related to an exercise goal and dietary restrictions, to improve accuracy of a recommendation related to offers received by the user. In some implementations, access to personal interest data may be determined based in part on a lens indicating a permission granted (or withheld) by the user. Additionally or alternatively, access to personal interest data may be determined based in part on a lens indicating a data granularity that is allowed (or disallowed) by the user.
- In some cases, a profile created based on user data and permissions may be associated with the user, such as by a universal identification (“ID”). The profile may be initiated or updated based on lending/borrowing data, transaction data, personal interest data, or any combination of these. The universal ID of the profile may be based on one or more identifying items, such as a password, biometric data, knowledge-based queries, a token, or any other identifying item or combination of identifying items. For example, the universal ID may be created by a software module based on an encrypted combination of multiple biometrics (e.g., iris scan, voiceprint, face recognition, fingerprint, infrared vein image).
- In some implementations, the data in the
data repositories
- FIG. 2 is a flow chart depicting an example of a process 200 for controlling access to secured data that represents sensitive information. In some implementations, such as described in regard to FIG. 1, a computing device executing an access module implements operations described in FIG. 2, by executing suitable program code. For illustrative purposes, the process 200 is described with reference to the examples depicted in FIG. 1. Other implementations, however, are possible.
- At
block 210, the process 200 involves receiving a request for information that is stored in a secured source. The requested information may be included, for example, in secured data that is stored on the secured source. For example, the access module 110 may receive an information request 161 that indicates information stored on one or more of the data repositories access module 110 may determine that the requested information is included in secured data stored on the secured source.
- At
block 220, the process 200 involves providing, to the secured source, one or both of a first access interface and an access request. In some cases, the access request indicates the requested information. For example, the access module 110 may provide to the data repository 130 a the access interface 140 a, such as by enabling the access interface 140 a. Also, the access module 110 may provide to the data repository 130 a the access request 111. The access request 111 may include (or otherwise describe) the information request 161, security information associated with the access module 110 or the access interface 140 a, or any other suitable information.
- At
block 230, the process 200 involves receiving one or both of secured data and an indication of a time period. The secured data may be received from (or otherwise accessible via) the secured source. The indicated time period may be received from the secured source, or determined based on other information received from the secured source (e.g., an authentication certificate with a timestamp). For example, the access module 110 may receive (or access) the secured data stored on data repository 130 a via the access interface 140 a. In addition, the access module 110 may receive an indication of a time period from (or based on information from) the data repository 130 a.
- At
block 235, the process 200 involves determining whether the time period is completed. For example, the timer 115 may measure a period of time indicated by the data repository 130 a. Additionally or alternatively, the timer 115 may measure a quantity of access events indicated by the data repository 130 a. If operations related to block 235 determine that the time period is ongoing (e.g., a time duration is not complete, a quantity of access events is greater than zero), process 200 may proceed to another block, such as block 240. If operations related to block 235 determine that the time period is complete, process 200 may proceed to another block, such as block 270.
- At
block 240, the process 200 involves selecting a portion of the secured data. In addition, the portion of the secured data may be based on a lens. In addition, multiple lenses may be used (e.g., simultaneously or individually) to select the portion of the secured data. A lens may be selected based on information received with the request for information, or from the secure source, or based on information included in another lens. For example, the access module may select some or all of the secured data from the data repository 130 a, based on one or more of the lenses 120. The access module 110 may determine which of the lenses 120 to use based on one or more indications received from the requestor system 160, the data repository 130 a, or another one of the lenses 120.
- At
block 250, the process 200 involves generating adjusted data. The adjusted data may be based on one or both of the lens and the selected portion of the secured data. In addition, the adjusted data may comprise one or more of the requested information, a modification of the selected portion of the secured data, a high-granularity or low-granularity representation of the selected portion of the secured data, attributes based on the selected portion of the secured data, or a score related to the adjusted data (e.g., a score of the attributes). For example, the access module 110 may generate adjusted data that includes a modification of the secured data from the data repository 130 a, such that the modification is based on one or more of the lenses 120. In addition, the adjusted data may include the requested information indicated by the information request 161.
- At
block 260, the process 200 involves providing a second access interface to an additional computing system, such as a requestor system. In some cases, the second access interface is provided to a requestor system that provided the request for information. Adjusted data, such as the adjusted data generated based on the lens and the secured data, may be accessible via the second access interface. For example, the access module 110 may provide the access interface 150 to the requestor system 160, to access adjusted data generated by the access module 110.
- Following
block 260, the process 200 may proceed to another block, such as one or more of blocks process 200 may proceed to one or more of blocks timer 115 has completed (e.g., the time duration is completed, the quantity of access events is zero), the access module may perform one or more operations related to one or more of blocks
- At
block 270, the process 200 involves disabling the second access interface. Disabling the second access interface may include terminating a network connection, revoking a security certificate, or any other suitable technique. For example, the access module 110 may disable the access interface 150 such that the requestor system 160 cannot access the adjusted data via the access interface 150.
- At
block 280, the process 200 involves disabling the first access interface, such as by using any suitable technique. For example, the access module 110 may disable the access interface 140 a such that the secured data stored with data repository 130 a is not accessible by the access module 110.
- At
block 290, the process 200 involves deleting the generated adjusted data. In some cases, additional data related to the adjusted data is also deleted, such as the request for information, timer information, or any locally stored secured data. For example, the access module 110 may delete the adjusted data and any local copies of the secured data that are stored on a memory device for the access module 110. The access module 110 may also delete the information request 161, or delete (or otherwise modify) the timer 115.
- In some cases, operations related to one or more of
blocks access module 110 may determine that each of the data repositories information request 161. In addition, the access module 110 may generate adjusted data based on secured data from each of the data repositories access module 110 may also maintain additional timer information for each of the data repositories
- In some cases, secured data may be modified based on one or more lenses. For example, a lens may include filter criteria, modification instructions, or any combination of these. Based on the filter criteria or modification instructions, an access module may generate adjusted data from the secured data. For example, and not by way of limitation, the access module may select a portion of the secured data based on a filter criterion, and convert values in the selected data based on a modification instruction. In addition, the access module may modify the secured data based on a combination of lenses, including simultaneous combinations, such as multiple lenses that are applied as part of a particular modification, or sequential combinations, such as multiple lenses that are applied in a series of ordered or unordered modifications.
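The timer logic of blocks 230 through 290 can be sketched in Python as follows. This is an added example, not code from the patent; the class and method names (`TimePeriod`, `Timer`, `AccessModule`, `sweep`, `read`) and the sample records are assumptions made for illustration. It keeps one timer per source, so an expired source is dropped from the adjusted data while the others remain readable.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]
Lens = Callable[[List[Record]], List[Record]]


class AccessClosed(Exception):
    """Raised when the requestor-facing (second) access interface is disabled."""


@dataclass
class TimePeriod:
    """Window granted by a repository: a duration, a quantity of access events, or both."""
    duration_s: Optional[float] = None
    max_events: Optional[int] = None


class Timer:
    def __init__(self, period: TimePeriod, clock: Callable[[], float]):
        self._clock = clock
        self._deadline = None if period.duration_s is None else clock() + period.duration_s
        self._events_left = period.max_events

    def ongoing(self) -> bool:
        """Block 235: the period is complete once either limit is reached."""
        if self._deadline is not None and self._clock() >= self._deadline:
            return False
        return self._events_left is None or self._events_left > 0

    def count_event(self) -> None:
        if self._events_left is not None:
            self._events_left -= 1


class AccessModule:
    def __init__(self, lenses: List[Lens], clock: Callable[[], float] = time.monotonic):
        self._lenses = lenses
        self._clock = clock
        self._secured: Dict[str, List[Record]] = {}   # local copies, keyed by source
        self._timers: Dict[str, Timer] = {}
        self.interface_enabled = False

    def receive(self, source: str, records: List[Record], period: TimePeriod) -> None:
        """Block 230: secured data and its time period arrive from one repository."""
        self._secured[source] = [dict(r) for r in records]
        self._timers[source] = Timer(period, self._clock)
        self.interface_enabled = True                 # block 260

    def sweep(self) -> None:
        """Blocks 270-290: delete expired local copies; disable the interface if none remain."""
        for source in [s for s, t in self._timers.items() if not t.ongoing()]:
            del self._secured[source]
            del self._timers[source]
        if not self._timers:
            self.interface_enabled = False

    def read(self) -> List[Record]:
        """One access event by the requestor. Adjusted data is rebuilt per read, never stored."""
        self.sweep()
        if not self.interface_enabled:
            raise AccessClosed("time period complete")
        adjusted: List[Record] = []
        for source, records in self._secured.items():
            self._timers[source].count_event()
            adjusted.extend(dict(r, source=source) for r in records)
        for lens in self._lenses:                     # blocks 240-250
            adjusted = lens(adjusted)
        self.sweep()   # a source that just used its last permitted event is deleted now
        return adjusted

    def local_sources(self) -> List[str]:
        return sorted(self._secured)


def demo():
    """Constructed run with a fake clock: repo_a allows 300 s, repo_c allows one access event."""
    now = [0.0]
    drop_account = lambda rs: [{k: v for k, v in r.items() if k != "account"} for r in rs]
    module = AccessModule([drop_account], clock=lambda: now[0])
    module.receive("repo_a", [{"account": "1234", "amount": 10}], TimePeriod(duration_s=300))
    module.receive("repo_c", [{"account": "9999", "amount": 7}], TimePeriod(max_events=1))
    first = module.read()            # both sources contribute; repo_c is then exhausted
    second = module.read()           # revised adjusted data: repo_a only
    now[0] = 300.0                   # repo_a's duration elapses
    try:
        module.read()
        closed = False
    except AccessClosed:
        closed = True
    return first, second, closed, module.local_sources()
```

Because expiry is only checked in `sweep()`, a deployment of this sketch would also call `sweep()` on a schedule so that local copies are deleted even if the requestor never reads again.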
- In
FIG. 3, the access module 110 provides the access interfaces 140 a and 150, respectively, to the data repository 130 a and the requestor system 160. In addition, the access module 110 may enable or disable the access interfaces 140 a and 150, for example, based on information received from either the requestor system 160 or the data repository 130 a.
- In some implementations, the access module receives the
information request 161 from the requestor system 160. Based on the information request 161, the access module 110 may determine that the requestor system 160 has requested information that is stored on a secure data source. For example, the information request may indicate some or all of secured data 330, which is stored on the data repository 130 a. In additional or alternative implementations, the access module 110 may determine that the requested information may be determined based on the secured data 330, such as based on an analysis or modification of some or all of the secured data 330.
- The
access module 110 may provide the access request 111 to the data repository 130 a. In some cases, the access request 111 may be provided via the access interface 140 a. The access request 111 may indicate the information requested by the requestor system 160. In addition, the access request 111 may indicate additional information, such as an identification of the access interface 140 a or security information associated with one or more of the access module 110 or the requestor system 160. The data repository 130 a may provide access to the secured data 330 based on the access request 111. For example, the access module 110 may receive (or otherwise access) some or all of the secured data 330 via the access interface 140 a. In addition, the access module 110 receives an indication of a time period from the data repository 130 a. The timer 115 may be instantiated based on the time period indicated by the data repository 130 a, or on a time period indicated in a lens (e.g., one of the lenses 120), or a combination of indicated time periods. In FIG. 3, the secured data 330 is depicted as remaining on the data repository 130 a and the timer 115 is depicted as remaining on the access module 110, but other implementations are possible. For example, a copy of some or all of the secured data 330 may be stored on a local memory device of the access module 110. In addition, the data repository 130 a may instantiate an additional timer in an additional memory device local to the data repository 130 a.
- The
access module 110 may generate adjusted data 310 based on the secured data 330. In addition, the adjusted data 310 may be stored on the local memory device of the access module 110. During the indicated time period, such as while the timer 115 is running, the access module 110 may provide access to the adjusted data 310 via the access interface 150. For example, the requestor system 160 may access the adjusted data 310 and perform an analysis based on the requested information that is included in the adjusted data 310. In addition, the requestor system 160 may generate a classification recommendation 360 based on the adjusted data 310 (or on the analysis thereof). After the completion of the indicated time period, the access module may terminate access to the adjusted data 310, such as by disabling one or more of the access interfaces 150 or 140 a. In addition, the access module 110 may delete (or otherwise modify) the adjusted data 310 from the local memory device of the access module 110. If a local copy of the secured data 330 is stored on the local memory device of the access module 110, the access module 110 may also delete the local copy upon completion of the indicated time period.
- In some embodiments, the access module generates the adjusted data based on one or more lenses. For example, a
lens selector module 320 included in the access module 110 may determine that the adjusted data 310 is to be generated based on a modification of the secured data 330. In addition, the lens selector module 320 may select a lens 322, a lens 324, and a lens 326 by which the adjusted data 310 is to be generated. The selected lenses requestor system 160, the data repository 130 a, or another one of the selected lenses
- The
access module 110 may generate the adjusted data 310 based on a combination of the selected lenses access module 110 may apply any of the selected lenses secured data 330 based on the selected lens 322 to generate a first set of adjusted data. In addition, the access module may modify the first set of adjusted data based on the selected lenses access module 110 may provide access to the adjusted data 330 after all lenses that are selected by the lens selection module 320 are applied.
- A lens may include one or more filter criteria, wherein portions of the secured data are withheld or included based on the filter criteria. Non-limiting examples of filter criteria include (without limitation) matching a data characteristic, selecting data from a range, comparing data to a threshold, or any other suitable filter criterion. In some cases, data that is to be withheld is modified, such as to anonymize (or otherwise render incomprehensible) the data to be withheld. In some cases, lenses may be inclusive, such as a lens indicating that data meeting one or more criteria is included or represented in adjusted data (e.g., a whitelist). Additionally or alternatively, lenses may be exclusive, such as a lens indicating that data meeting one or more criteria is excluded from or unrepresented in adjusted data (e.g., a blacklist).
- A lens may include one or more modification instructions, wherein portions of the secured data are modified based on the modification instructions. Non-limiting examples of modification instructions include (without limitation) expert rules, mathematical operations, combination of the data with additional data, or any other suitable modification instruction.
- In some cases, a particular lens can include filter criteria or modification instructions that are directed to a particular type of modification. Examples of lens types include (without limitation) user preference, anonymization, data abstraction, time decay, data weighting, data confidence, data equivalence, data granularity, regulatory requirements, categorical, transactional, or any other suitable category of modification by which adjusted data may be generated. Lenses may be used together, such that the adjusted data is generated based on multiple lenses. In some cases, a lens may indicate an additional lens to perform a modification of secured data. For example, based on an instruction in a user preference lens, the access module may determine that the secured data is to be anonymized. In addition, the access module may select an anonymization lens and apply the anonymization lens to the secure data.
- A user preference lens may include filter criteria or modification instructions that indicate a preference instruction provided by a user, such as a customer who is using the requestor system. The user may provide the preference instruction via, for example, a user interface (e.g., graphical interface, voice interface, text interface) on a computing device (e.g., a personal computer, a smartphone, a voice-activated virtual assistant). In some cases, the preference instruction is provided via a data curation assistant system. Adjusted data that is generated based on the user preference lens may omit, include, or modify portions of the secured data (or a granular representation of the secured data) as indicated by the preference instruction.
- An anonymity lens may include filter criteria or modification instructions that anonymize a portion of the secured data. For example, the anonymity lens may include filter criteria to omit sensitive data, such as PII or financial account information. In addition, the anonymity lens may include modification instructions that modify the secured data such that sensitive data is withheld, such as by obscuring (e.g., blurring, hashing, redacting) the sensitive data. In some cases, the sensitive data is withheld while a context of the sensitive data is provided (e.g., describing a quantity of credit card transactions while obscuring associated account numbers).
- A granularity lens may include filter criteria or modification instructions that indicate a granularity (e.g., a level of detail) for some or all of the secured data. In some cases, the granularity lens may include criteria or instructions indicating a level of detail for a portion of the secured data. For example, the granularity lens may include filter criteria to generate a high-granularity representation of a first portion of the secured data, such as a highly detailed representation of a relatively large quantity of data (e.g., several thousand records from a database). In some cases, the high-granularity representation includes secured data that is considered raw data (e.g., generated data that is unchanged subsequent to generation). In addition, the granularity lens may include filter criteria to generate a low-granularity representation of a second portion of the secured data, such as a low-detail representation of a relatively small quantity of data (e.g., a dozen records from a database). In some cases, the low-granularity representation includes a single number or text item that summarizes the secured data. In some cases, a low-granularity representation of the sensitive data is provided while a high-granularity representation is withheld.
- An abstraction lens may include filter criteria or modification instructions that indicate a categorical modification to the secured data. In some cases, the abstraction lens may include criteria or instructions by which types of information in the secured data are categorized (e.g., employment data, education data, lifestyle data). In addition, the abstraction lens may include criteria or instructions by which a characteristic of the secured data is modified. For example, based on the abstraction lens, the access module determines dates and a range of time associated with the secured data. Based on the dates and the range of time, the access module may generate extrapolated data or interpolated data. For example, the access module may determine that the secured data describes a series of transactions occurring on different dates over a range of two months. In addition, the access module may interpolate the data to a target time range that is less than the associated range of time, or extrapolate the data to a target time range that is greater than the associated range of time.
- A geographical equivalence lens may include filter criteria or modification instructions that indicate similarities between data associated with a first geographical region and adjusted data associated with a second geographical region. The access module may generate adjusted data based on equivalencies indicated by the geographical equivalence lens. For example, a university in a geographical location (e.g., a country) may have certain characteristics, such as an admissions rate of a certain percentage of applicants, an average starting salary for graduates, or a prestige associated with a particular program of study. In some cases, the geographical equivalence lens may include expert rules capable of determining a similarity between the university and another university in another location (e.g., another country). Based on the expert rules, secured data describing a degree received from the university may be modified to describe the similarity with a degree received from the other university. In addition, the geographical equivalence lens may indicate other types of geographical equivalence, such as equivalences based on cost of living, standard of living, employment information (e.g., a company having characteristics such as average salary or prestige of employment), or any other suitable geographical characteristic.
- A regulatory lens may include filter criteria or modification instructions that indicate a data modification based on legal or regulatory requirements (e.g., for a geographical region or other jurisdiction). The access module may generate adjusted data based on information included in the regulatory lens. For example, the access module may generate data that omits a portion of the data that is prohibited for use in generating a classification recommendation, and include another portion of the data that is permitted for use in generating the classification. In addition, the access module may apply an additional modification, such as emphasizing a portion of the data that is associated with a regulatory incentive (e.g., public health initiatives, tax benefits).
- A time decay lens may include filter criteria or modification instructions that indicate a data modification based on time. Based on the time decay lens, the access module may generate adjusted data based on a date, a time range, or other types of time-related information included in the secured data. For example, the access module may generate adjusted data that includes financial transactions occurring within the most recent seven years and omits transactions occurring longer ago than seven years. In addition, the access module may generate adjusted data that emphasizes a medical event occurring within the most recent year and deemphasizes another medical event occurring ten years ago.
- A weighting lens may include filter criteria or modification instructions that indicate a weight or emphasis placed on a portion of the secured data. Based on the weighting lens, the access module may assign weights to different types of data described by the secured data, such as time-sensitive data. For example, a medical event occurring within the most recent year may be assigned a higher weight than a medical event occurring ten years prior.
- A data confidence lens may include filter criteria or modification instructions that indicate whether a portion of the secured data has a given confidence level. For example, self-reported data based on self-reported information from a customer may have a relatively low confidence level (e.g., the customer may choose to misrepresent the information). In addition, validated data based on validated information (e.g., information provided by the customer, but verified by a third party) may have a confidence level higher than the self-reported data. Also, decision data based on decision information (e.g., from a third-party computing system that has previously generated a classification recommendation for the customer) may have a confidence level higher than the validated data. Also, originator data based on original information (e.g., from a third-party computing system that has generated data related to the customer) may have a confidence level higher than the decision data. In some cases, a confidence in provided data may be derived based on a quality assessment of data previously supplied by a same provider. Based on the data confidence lens, the access module may modify different types of data described by the secured data, such as self-reported data.
- A categorical lens may include filter criteria or modification instructions that indicate a category, such as a category of secured data or a user associated with the secured data, based on a portion of the secured data. For example, filter criteria in a categorical lens may indicate that the portion of secured data describes a user who is self-employed. In some cases, a categorical lens may indicate data that fits a described category (e.g., a whitelist). Additionally or alternatively, a categorical lens may indicate data that falls outside a described category (e.g., a blacklist). Examples of categories described by a categorical lens include (without limitation) employment (e.g., self-employed, commission-based employment), lifestyle (e.g., renter, homeowner, pet owner, prefers outdoor exercise), education (e.g., highest degree earned, alma mater), familial status, or any other suitable category. Adjusted data that is generated based on the categorical lens may omit, include, or modify portions of the secured data (or a granular representation of the secured data) that fit a described category.
- A transactional lens may include filter criteria or modification instructions that indicate relationships between interactions, such as monetary interactions performed by a user associated with the secured data. The access module may generate adjusted data based on the indicated relationships between transactional data. In some cases, the transactional lens may include expert rules capable of determining a similarity between multiple transactions. For example, the similarity may be determined between multiple transactions performed by the user (e.g., across a range of time, across geographical locations), or based on transactions performed by multiple users (e.g., associated with respective portions of secured data), or on a combination of transactions (e.g., by various users, at various times, at various locations). Based on the expert rules, secured data describing one or more transactions performed by a user may be modified to describe a similarity with additional transactions (e.g., by the user, by additional users). In some cases, the secured data describing the one or more transactions may be modified to describe a probability associated with the one or more transactions, such as a probability describing a likelihood of performing an additional transaction of a particular type, a probability describing a risk of non-payment of a monetary transaction, or other suitable probabilities associated with transactions.
- In some implementations, any combination of the lens types may be used to generate adjusted data. For example, the access module may apply a combination of a data confidence lens and a weighting lens to remove a first portion of the data (e.g., having a low confidence value) and to assign a range of weights to a second portion of the data (e.g., having medium to high confidence values). In an additional example, the access module may apply a combination of a user preference lens and an anonymity lens to determine a user's preferred level of anonymity and to anonymize a portion of the data based on the user's preferred level. In a further example, the access module may apply a combination of an abstraction lens, a regulatory lens, and a time decay lens to determine one or more abstract categories of the data (e.g., medical information, financial information), remove a portion of the data that is prohibited for use in generating a classification recommendation (e.g., remove medical information), and to modify another portion of the data based on a time range (e.g., retain financial information from the most recent seven years, remove financial information older than seven years). Other combinations of lenses, including combinations including multiple lenses from a same type of lens, will be apparent to one skilled in the art of data protection.
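The two lens combinations described above (abstraction + regulatory + time decay, and data confidence + weighting), written out as an added Python example that is not code from the patent. The record fields, category names, numeric confidence values and the allow-list form of the regulatory lens are assumptions made for illustration; the allow-list makes the pipeline fail closed when a record has no category.

```python
from dataclasses import dataclass, replace
from datetime import date
from functools import reduce
from typing import Callable, List, Optional

# Ordering taken from the data confidence lens description above:
# self-reported < validated < decision < originator. The numbers are assumed.
CONFIDENCE = {"self_reported": 0.25, "validated": 0.5,
              "decision": 0.75, "originator": 1.0}


@dataclass(frozen=True)
class Record:
    kind: str                        # raw record type (hypothetical names)
    when: date
    source: str                      # key into CONFIDENCE
    value: float
    category: Optional[str] = None   # filled in by the abstraction lens
    weight: Optional[float] = None   # filled in by the weighting lens


Lens = Callable[[List[Record]], List[Record]]


def abstraction_lens(kind_to_category: dict) -> Lens:
    """Label each record with an abstract category; unknown kinds stay unlabelled."""
    return lambda recs: [replace(r, category=kind_to_category.get(r.kind)) for r in recs]


def regulatory_lens(permitted_categories) -> Lens:
    """Allow-list: anything not explicitly permitted is omitted (fails closed)."""
    permitted = frozenset(permitted_categories)
    return lambda recs: [r for r in recs if r.category in permitted]


def years_before(d: date, years: int) -> date:
    try:
        return d.replace(year=d.year - years)
    except ValueError:               # 29 February with a non-leap target year
        return d.replace(year=d.year - years, day=28)


def time_decay_lens(today: date, max_age_years: int) -> Lens:
    """Omit records dated before the cutoff (today minus max_age_years)."""
    cutoff = years_before(today, max_age_years)
    return lambda recs: [r for r in recs if r.when >= cutoff]


def confidence_lens(minimum: float) -> Lens:
    """Drop records whose source is below the threshold; unknown sources count as 0."""
    return lambda recs: [r for r in recs if CONFIDENCE.get(r.source, 0.0) >= minimum]


def weighting_lens() -> Lens:
    """Assign each remaining record a weight equal to its source confidence."""
    return lambda recs: [replace(r, weight=CONFIDENCE.get(r.source, 0.0)) for r in recs]


def apply_lenses(secured: List[Record], lenses: List[Lens]) -> List[Record]:
    """Apply lenses left to right; the secured list itself is never mutated."""
    return reduce(lambda recs, lens: lens(recs), lenses, list(secured))


# Constructed sample data, not taken from the patent.
TODAY = date(2024, 6, 1)
KIND_TO_CATEGORY = {"bank_txn": "financial", "stated_income": "financial",
                    "clinic_visit": "medical"}
SECURED = [
    Record("bank_txn", date(2023, 3, 10), "originator", 1200.0),
    Record("bank_txn", date(2015, 1, 5), "originator", 800.0),      # older than 7 years
    Record("clinic_visit", date(2023, 11, 2), "validated", 1.0),    # prohibited category
    Record("stated_income", date(2024, 1, 15), "self_reported", 5000.0),
    Record("loyalty_card", date(2024, 2, 1), "validated", 40.0),    # kind with no mapping
]

if __name__ == "__main__":
    view = apply_lenses(SECURED, [abstraction_lens(KIND_TO_CATEGORY),
                                  regulatory_lens({"financial"}),
                                  time_decay_lens(TODAY, 7)])
    for r in view:
        print(r.kind, r.when, r.category)
```

Lens order matters: running the regulatory lens before the abstraction lens sees no categories at all, and with an allow-list that yields an empty result rather than a leak.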
- In some implementations, the access module 110 determines one or more attributes based on the secured data 330. An attribute may be generated based on mathematical analysis of the secured data 330. For example, the access module 110 may generate an attribute indicating a financial metric (e.g., a debt-to-income ratio). The access module 110 may include the financial metric attribute in the adjusted data 310, such that the requestor system 160 may access the financial metric attribute via the access interface 150 during the time period. In addition, the access module 110 may prevent the requestor system 160 from accessing the data on which the financial metric attribute is based. In addition, an attribute may be generated based on patterns, such as behavioral patterns, determined in the secured data 330. Furthermore, an attribute may be identified by a user, such as an indication received from a user of a characteristic of the user (e.g., family-oriented, prefers outdoor exercise). An attribute may be associated with a profile of the user, such as a profile created by the user to indicate permissions associated with the user's data.
- In some cases, attributes may indicate an equivalency of data. An equivalency may indicate a relationship between multiple portions of data, such as between secured data and requested data. For example, the requestor system 160 may request financial information, such as information related to the cost of living for a person. The requestor system 160 may request the financial information in relation to a first financial currency and a first country (or other geographical region). However, the secured data 330 may include information about the person's cost of living in a second country with a second currency. In some cases, the access module 110 may generate an attribute indicating an equivalence between the secured data 330 and the information requested by the requestor system 160. For example, the attribute may be based on the secured data 330, and one or more lenses related to data equivalence, such as lenses including currency exchange ratios, standards of living for geographical regions, cost of living for geographical regions, or other suitable types of data equivalence. The adjusted data 310 may include an attribute indicating a cost of living in the first country (e.g., the requested information) and omit data describing a cost of living in the second country (e.g., the information available in the secured data 330). Other types of equivalency attributes may be generated by the access module 110, such as equivalency of educational history (e.g., prestige of a degree), employment history (e.g., relative size or worth of companies), lifestyle (e.g., ownership of a car, family size).
- In some cases, attributes may be generated based on domain knowledge of established rules (e.g., currency exchange rates). In addition, attributes may be generated (or modified) based on machine learning algorithms. For example, an attribute related to a cost of living may be generated based on domain knowledge describing average income and currency exchange rates. In addition, the attribute may be generated based on machine learning algorithms that determine a prestige associated with a lifestyle choice (e.g., a two-bedroom apartment may be considered minimal in one region, but luxurious in another region).
- In some implementations, a score may be determined based on one or more attributes, such as equivalency attributes or financial metric attributes. In addition, the score may be determined based on a trust associated respectively with each attribute. In some cases, the attributes are weighted, such as with a weight respectively indicating a relative importance of each attribute. In some implementations, the score is determined based on the example Equation 1. However, other implementations are possible.
- $S = f(A, T, W)$ (Eq. 1)
- In Equation 1, a score $S$ may be determined as a function $f$ of attributes $A$, trust factors $T$, and weights $W$. The vector $A$ may represent a vector of attributes, such as a vector $\{a_1, a_2, a_3, \ldots, a_n\}$ which includes the attributes $a_1$ through $a_n$. In addition, the vector $T$ may represent a vector of trust factors, such as a vector $\{t_1, t_2, t_3, \ldots, t_n\}$ which includes the trust factors $t_1$ through $t_n$. In addition, the vector $W$ may represent a vector of weights, such as a vector $\{w_1, w_2, w_3, \ldots, w_n\}$ which includes the weights $w_1$ through $w_n$. In some cases, each respective one of the trust factors $t_1$ through $t_n$ is associated with a respective one of the attributes $a_1$ through $a_n$. In addition, each respective one of the weights $w_1$ through $w_n$ is associated with a respective one of the attributes $a_1$ through $a_n$. For example, the trust factor $t_1$ and the weight $w_1$ may each be associated with the attribute $a_1$. In some implementations, the function $f$ may be determined based on domain knowledge, such as rules based on prior experience with one or more of the attributes $A$. In addition, the function $f$ may be determined based on machine learning algorithms, such as algorithms that learn a relationship between a particular attribute, the trust factor and weight associated with the particular attribute, and an observed historical outcome associated with the particular attribute (e.g., a lending outcome).
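An added Python example (not code from the patent) that ties Equation 1 to the derived-attribute paragraphs above: a debt-to-income attribute is computed from raw figures, a score is computed from attributes, trust factors and weights, and only those derived values are readable during a limited time period. The patent leaves f open; the trust-scaled weighted mean used here, the normalisation of attribute values to [0, 1], and all class and function names are assumptions.

```python
import copy
import time
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Attribute:
    name: str
    value: float    # a_i, normalised to [0, 1] where higher is better (assumed)
    trust: float    # t_i in [0, 1]
    weight: float   # w_i >= 0


def debt_to_income_attribute(monthly_debts: Iterable[float], monthly_income: float,
                             trust: float, weight: float) -> Attribute:
    """Derive one attribute from raw figures; only the ratio leaves this function."""
    if monthly_income <= 0:
        raise ValueError("monthly_income must be positive")
    ratio = sum(monthly_debts) / monthly_income
    return Attribute("debt_to_income", 1.0 - min(ratio, 1.0), trust, weight)


def score(attributes: List[Attribute]) -> float:
    """One assumed choice of f in Eq. 1: S = sum(w_i * t_i * a_i) / sum(w_i)."""
    for a in attributes:
        if not (0.0 <= a.value <= 1.0 and 0.0 <= a.trust <= 1.0 and a.weight >= 0.0):
            raise ValueError(f"attribute {a.name!r} is out of range")
    total_weight = sum(a.weight for a in attributes)
    if total_weight <= 0:
        raise ValueError("at least one attribute needs a positive weight")
    return sum(a.weight * a.trust * a.value for a in attributes) / total_weight


class AdjustedData:
    """Holds attributes and score only, readable until the access window closes."""

    def __init__(self, attributes: List[Attribute], window_seconds: float,
                 clock=time.monotonic):
        self._payload = {
            "score": round(score(attributes), 4),
            "attributes": {a.name: round(a.value, 4) for a in attributes},
        }
        self._clock = clock
        self._expires_at = clock() + window_seconds

    def read(self) -> dict:
        # Check the timer on every read, not once at session start.
        if self._clock() >= self._expires_at:
            raise PermissionError("access window has closed")
        return copy.deepcopy(self._payload)   # callers cannot alter the stored view


if __name__ == "__main__":
    # Constructed sample figures, not taken from the patent.
    attrs = [
        debt_to_income_attribute([500.0, 300.0], 4000.0, trust=1.0, weight=2.0),
        Attribute("stated_savings_rate", 0.5, trust=0.25, weight=1.0),
    ]
    print(AdjustedData(attrs, window_seconds=60).read())
```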
- In some implementations, the access module 110 may generate a score. The score may be included in the adjusted data 310, and the requestor system 160 may access the score, such as via access interface 150. The score may represent information requested by the requestor system 160, or equivalent data to the requested information. For example, if the requestor system 160 requests information in relation to a first currency and a first geographical region, but the secured data 330 includes information related to a second currency and a second geographical region, the access module 110 may generate a score indicating an equivalence between the secured data 330 and the information requested by the requestor system 160. In some cases, a score may be associated with a profile of a user. In addition, a score based on attributes may be compared to one or more additional metrics related to a user. For example, a score based on attributes associated with a user may be compared to a credit score for the same user. A combined score may be generated based on the comparison. In addition, the attribute score (or credit score) may be modified based on the credit score (or attribute score). In some implementations, the access module 110 (or another computing system) generates a reason code indicating why a particular attribute score (or combined score) was generated. The reason code may be included in the adjusted data 310.
- In some implementations, a user may interact with his or her personal information, such as secured data or PII, via a requestor system. For example, a customer may use a data curation assistant system that is capable of providing or requesting information related to the customer's personal information. In some cases, one or more of secured data that includes the customer's personal information, or a lens that indicates an instruction provided by the customer (e.g., a user preference lens) may be modified based on information provided or received by the data curation assistant system. As a non-limiting example, the customer may interact with personal credit information via a data curation assistant system, such as by adding or removing information from secured data that includes the personal credit information.
- FIG. 4 depicts an example of a computing system 400 via which a user may interact with personal information. For example, the user may interact with the personal data via a data curation assistant system 460. The data curation assistant system 460 may be included, for example, in an application that is executed on a personal computing device (e.g., a smartphone, a tablet, a personal computer). In addition, the data curation assistant system 460 may be provided by an additional computing system, such as a service provided by a remote server, such that the data curation assistant system 460 is accessible via a web browser or a voice-activated virtual assistant.
- In the computing system 400, a data curation assistant system 460 may receive inputs from a user, or provide outputs to the user, such as via a user interface 465 that is included in the data curation assistant system 460. The user interface 465 may receive or provide inputs or outputs via a suitable input or output device, such as a keyboard, mouse, display screen, touchscreen, microphone, speaker, camera, accelerometer, biometrics (e.g., fingerprint scanner), or any other suitable device. In addition, the user interface 465 may receive or provide inputs or outputs via an electronic technique, such as a text message, an email, a data object transmitted via one or more networks, or any other suitable technique. In some cases, the user interface 465 may receive or provide inputs or outputs related to identification or security, such as inputs verifying an identity of the user.
- The user may request information via the user interface 465, such as a request for information stored in the data repository 140 a. For example, the user may request information that is included in a secured profile 430 that is stored in the data repository 140 a. The secured profile 430 may include sensitive information that is stored on behalf of the user, such as (without limitation) PII, financial information, credit history, employment history, educational history, spending patterns, medical information, or any other type of sensitive information associated with the user. In addition, the sensitive information may be provided by the user (e.g., self-reported), or provided by an additional computing system (e.g., reported by medical or financial institutions), or a combination of these sources.
- In some cases, the data curation assistant system 460 provides an information request 461 based on one or more inputs received via the user interface 465. The information request 461 may include a request to modify the secured profile 430, such as by adding, removing, or changing data stored in the secure profile 430, or a request to modify one or more lenses that are associated with the secured profile 430, or both. In some cases, the information request 461 is generated by the data curation assistant system 460 based on an analysis of inputs to the user interface 465. For example, based on analysis of the inputs, the data curation assistant system 460 may identify one or more modifications, and generate the information request 461 that includes the identified modifications.
- For example, and not by way of limitation, the user may determine that he or she is expecting to purchase a new car. In addition, the user may provide one or more inputs to the data curation assistant system 460 indicating that he or she is interested in receiving information about car models, car reliability, and options for financing a vehicle. The data curation assistant system 460 may analyze the inputs and identify, based on the analysis, a first modification that modifies the secured profile 430, such as by adding financial data (e.g., savings or banking information) to the secured profile 430. In some cases, the first modification indicates that the added financial data is high-granularity data (e.g., highly detailed records describing saving patterns of the user). In addition, the data curation assistant system 460 may identify, based on the analysis, a second modification that modifies a user preference lens 422 that is associated with the secured profile 430, such as by allowing requestor systems associated with car companies or financial lenders to request information included in the secured profile 430 (e.g., to provide an offer that is appropriate to the user's interest in purchasing a car). In some cases, the second modification indicates that the requestor systems are allowed to request low-granularity data (e.g., a low-detail summary of a portion of data from the secured profile 430). In some implementations, the information request 461 generated by the data curation assistant system 460 may include an instruction 461 a indicating the first modification and an instruction 461 b indicating the second modification identified by the data curation assistant system 460. In addition, the information request 461 may be generated based on an additional input by the user, such as an input indicating the user's agreement to the modifications identified by the data curation assistant system 460.
- In the computing system 400, the access module 110 may receive the information request 461 from the data curation assistant system 460, via the access interface 150. The information request 461 may indicate, based on the included instructions access request 411 based on the instruction 461 a, and provide the access request 411 to the data repository 140 a, via the access interface 140 a. Based on the access request 411, the data repository 140 a may perform the first modification, such as by adding the financial data to the secured profile 430. In some cases, the financial data (or other information for a requested modification) may be included in the access request 411. In addition, the financial data (or other information) may be received from an additional computing system, such as from a banking institution indicated by the access request 411.
- In some implementations, the access module 110 may modify the user preference lens 422 based on the instruction 461 b. For example, the access module 110 may update a preference instruction indicated by the user preference lens 422. The updated preference instruction may allow requestor systems associated with car companies or financial lenders to request information included in the secured profile 430. Based on the modified lens 422, for example, a requestor system associated with a car company may receive adjusted data (e.g., such as adjusted data 310 described in regards to FIG. 3) that represents a portion of the secured profile 430. In addition, based on the modified lens 422, a requestor system associated with a commercial vehicle company may receive adjusted data that does not represent the secured profile 430.
- The access module 110 may generate adjusted data 410 based on information associated with one or more of the first and second modifications. For example, the adjusted data 410 may be generated based on information confirming the performed modifications, such as a confirmation of the first modification (e.g., received from the data repository 140 a), or of the second modification (e.g., received from the lens 422, or a computing system storing the lens 422). The adjusted data 410 may be provided to the data curation assistant system 460 via the access interface 150. In addition, the data curation assistant system 460 may provide an indication of the completed modifications based on the adjusted data 410, such as a confirmation message displayed via the user interface 465. In some cases, the adjusted data 410 is available to the data curation assistant system 460 during a time period indicated by the timer 115, such as a time period associated with a secured network session on the data curation assistant system 460.
- In some implementations, the data curation assistant system 460 may generate additional information requests to further modify the secured profile 430 or associated lenses. For example, and not by way of limitation, the user may decide that he or she will not be purchasing a new car. The user may provide additional inputs to the data curation assistant system 460 indicating the decision. Responsive to the additional inputs, the data curation assistant system 460 may generate an additional information request that includes a modification to the secured profile 430, such as removing the added financial data, and a modification to the user preference lens 422, such as by updating a preference instruction to prevent requestor systems from accessing the secured profile 430. In some cases, the user may control an amount and/or type of data included in the secured profile 430 via the data curation assistant system 460. In addition, the user may control an amount and/or type of requestor systems that may request information included in the secured profile 430. By allowing the user to control the secured profile 430 and/or control requests for included information, the data curation assistant system 460 may increase security of sensitive information included in the secured profile 430. In addition, the user may experience a greater sense of satisfaction or peace of mind by controlling the secured profile 430 via the data curation assistant system 460.
- Any suitable computing system or group of computing systems can be used for performing the operations described herein. For example, FIG. 5 is a block diagram depicting a computing system capable of controlling access to data, according to certain implementations.
- The depicted example of an access control system 501 includes one or more processors 502 communicatively coupled to one or more memory devices 504. The processor 502 executes computer-executable program code or accesses information stored in the memory device 504. Examples of processor 502 include a microprocessor, an application-specific integrated circuit (“ASIC”), a field-programmable gate array (“FPGA”), or other suitable processing device. The processor 502 can include any number of processing devices, including one.
- The memory device 504 includes any suitable non-transitory computer-readable medium for storing the access module 110, the timer 115, the lens selector module 320, the adjusted data 310, and other received or determined values or data objects. In some cases, the lenses 120 or one or more of the selected lenses memory device 504. The computer-readable medium can include any electronic, optical, magnetic, or other storage device capable of providing a processor with computer-readable instructions or other program code. Non-limiting examples of a computer-readable medium include a magnetic disk, a memory chip, a ROM, a RAM, an ASIC, optical storage, magnetic tape or other magnetic storage, or any other medium from which a processing device can read instructions. The instructions may include processor-specific instructions generated by a compiler or an interpreter from code written in any suitable computer-programming language, including, for example, C, C++, C#, Visual Basic, Java, Scala, Python, Perl, JavaScript, and ActionScript. The memory device 504 may be accessed by the access control system 501. In some cases, the memory device 504 may be accessed via an enabled access interface, such as the access interfaces 150 a, 150 b, 150 c, or 150.
- The access control system 501 may also include a number of external or internal devices such as input or output devices. For example, the access control system 501 is shown with an input/output (“I/O”) interface 508 that can receive input from input devices or provide output to output devices. A bus 506 can also be included in the access control system 501. The bus 506 can communicatively couple one or more components of the access control system 501.
- The access control system 501 executes program code that configures the processor 502 to perform one or more of the operations described above with respect to FIGS. 1-3. The program code includes operations related to, for example, one or more of the access module 110, the timer 115, the lens selector module 320, the adjusted data 310, or other suitable applications or memory structures that perform one or more operations described herein. The program code may be resident in the memory device 504 or any suitable computer-readable medium and may be executed by the processor 502 or any other suitable processor. In some implementations, the program code described above, the access module 110, the timer 115, the lens selector module 320, and the adjusted data 310 are stored in the memory device 504, as depicted in FIG. 5. In additional or alternative implementations, one or more of the access module 110, the timer 115, the lens selector module 320, the adjusted data 310, and the program code described above are stored in one or more memory devices accessible via a data network, such as a memory device accessible via a cloud service. The memory devices accessible via the data network may be secured memory devices, such that access to the adjusted data 310 is controlled by the access control system 501.
- The access control system 501 depicted in FIG. 5 also includes at least one network interface 510. The network interface 510 includes any device or group of devices suitable for establishing a wired or wireless data connection to one or more data networks 512. Non-limiting examples of the network interface 510 include an Ethernet network adapter, a modem, and/or the like. In some implementations, one or more of the access interfaces 150 a, 150 b, 150 c, or 150 are implemented via the network interface 510. Additional computing systems, such as the requestor system 160, data repositories 530 (such as the data repositories lenses 120 can be connected to the access control system 501 via network 512, and the additional computing systems may perform some of the operations described herein, such as providing secured data 330; providing a selected lens information request 161. The access control system 501 is able to communicate with one or more of requestor system 160, data repositories 530, or a computing system including one or more of the lenses 120 the remote computing system 515 using the network interface 510 (such as via one or more of the access interfaces 150 a, 150 b, 150 c, or 150). Although FIG. 5 depicts the lenses 120 as accessible to the access control system 501 via the networks 512, other implementations are possible, including the lenses 120 being stored in the memory device 504 of access control system 501.
- Numerous specific details are set forth herein to provide a thorough understanding of the claimed subject matter. However, those skilled in the art will understand that the claimed subject matter may be practiced without these specific details. In other instances, methods, apparatuses, or systems that would be known by one of ordinary skill have not been described in detail so as not to obscure claimed subject matter.
- Unless specifically stated otherwise, it is appreciated that throughout this specification discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining,” and “identifying” or the like refer to actions or processes of a computing device, such as one or more computers or a similar electronic computing device or devices, that manipulate or transform data represented as physical electronic or magnetic quantities within memories, registers, or other information storage devices, transmission devices, or display devices of the computing platform.
- The system or systems discussed herein are not limited to any particular hardware architecture or configuration. A computing device can include any suitable arrangement of components that provides a result conditioned on one or more inputs. Suitable computing devices include multipurpose microprocessor-based computer systems accessing stored software that programs or configures the computing system from a general purpose computing apparatus to a specialized computing apparatus implementing one or more implementations of the present subject matter. Any suitable programming, scripting, or other type of language or combinations of languages may be used to implement the teachings contained herein in software to be used in programming or configuring a computing device.
- Implementations of the methods disclosed herein may be performed in the operation of such computing devices. The order of the blocks presented in the examples above can be varied—for example, blocks can be re-ordered, combined, and/or broken into sub-blocks. Certain blocks or processes can be performed in parallel.
- The use of “adapted to” or “configured to” herein is meant as open and inclusive language that does not foreclose devices adapted to or configured to perform additional tasks or steps. Additionally, the use of “based on” is meant to be open and inclusive, in that a process, step, calculation, or other action “based on” one or more recited conditions or values may, in practice, be based on additional conditions or values beyond those recited. Headings, lists, and numbering included herein are for ease of explanation only and are not meant to be limiting.
- While the present subject matter has been described in detail with respect to specific implementations thereof, it will be appreciated that those skilled in the art, upon attaining an understanding of the foregoing, may readily produce alterations to, variations of, and equivalents to such implementations. Accordingly, it should be understood that the present disclosure has been presented for purposes of example rather than limitation, and does not preclude inclusion of such modifications, variations, and/or additions to the present subject matter as would be readily apparent to one of ordinary skill in the art.
Claims (20)
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/414,504 US11489843B2 (en) | 2018-05-16 | 2019-05-16 | Controlling access to secured data via timed filtering of data |
AU2019355802A AU2019355802A1 (en) | 2018-10-03 | 2019-09-24 | Controlling access to multi-granularity data |
US16/652,309 US11425144B2 (en) | 2018-05-16 | 2019-09-24 | Controlling access to multi-granularity data |
CA3114361A CA3114361A1 (en) | 2018-10-03 | 2019-09-24 | Controlling access to multi-granularity data |
SG11202102794UA SG11202102794UA (en) | 2018-10-03 | 2019-09-24 | Controlling access to multi-granularity data |
EP19869336.8A EP3861475B1 (en) | 2018-10-03 | 2019-09-24 | Controlling access to multi-granularity data |
PCT/US2019/052655 WO2020072239A1 (en) | 2018-10-03 | 2019-09-24 | Controlling access to multi-granularity data |
US18/048,320 US20230054085A1 (en) | 2018-05-16 | 2022-10-20 | Controlling access to secured data via timed filtering of data |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862672189P | 2018-05-16 | 2018-05-16 | |
US201862740650P | 2018-10-03 | 2018-10-03 | |
US16/414,504 US11489843B2 (en) | 2018-05-16 | 2019-05-16 | Controlling access to secured data via timed filtering of data |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/652,309 Division US11425144B2 (en) | 2018-05-16 | 2019-09-24 | Controlling access to multi-granularity data |
US18/048,320 Continuation US20230054085A1 (en) | 2018-05-16 | 2022-10-20 | Controlling access to secured data via timed filtering of data |
Publications (2)
Publication Number | Publication Date |
---|---|
US20190356672A1 (en) | 2019-11-21 |
US11489843B2 (en) | 2022-11-01 |
Family
ID=68532396
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/414,504 Active 2040-11-15 US11489843B2 (en) | 2018-05-16 | 2019-05-16 | Controlling access to secured data via timed filtering of data |
US16/652,309 Active US11425144B2 (en) | 2018-05-16 | 2019-09-24 | Controlling access to multi-granularity data |
US18/048,320 Pending US20230054085A1 (en) | 2018-05-16 | 2022-10-20 | Controlling access to secured data via timed filtering of data |
Country Status (1)
Country | Link |
---|---|
US (3) | US11489843B2 (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9853959B1 (en) | 2012-05-07 | 2017-12-26 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US9654541B1 (en) | 2012-11-12 | 2017-05-16 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US9916621B1 (en) | 2012-11-30 | 2018-03-13 | Consumerinfo.Com, Inc. | Presentation of credit score factors |
US10102570B1 (en) | 2013-03-14 | 2018-10-16 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US9477737B1 (en) | 2013-11-20 | 2016-10-25 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US10880313B2 (en) | 2018-09-05 | 2020-12-29 | Consumerinfo.Com, Inc. | Database platform for realtime updating of user data from third party sources |
US11315179B1 (en) | 2018-11-16 | 2022-04-26 | Consumerinfo.Com, Inc. | Methods and apparatuses for customized card recommendations |
US11238656B1 (en) | 2019-02-22 | 2022-02-01 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11641665B2 (en) | 2020-09-09 | 2023-05-02 | Self Financial, Inc. | Resource utilization retrieval and modification |
US20220075877A1 (en) | 2020-09-09 | 2022-03-10 | Self Financial, Inc. | Interface and system for updating isolated repositories |
US11470037B2 (en) | 2020-09-09 | 2022-10-11 | Self Financial, Inc. | Navigation pathway generation |
US11475010B2 (en) * | 2020-09-09 | 2022-10-18 | Self Financial, Inc. | Asynchronous database caching |
US11848857B1 (en) | 2022-07-11 | 2023-12-19 | Red Hat, Inc. | Dynamic API gateway routing based on request metadata |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5724556A (en) | 1995-04-14 | 1998-03-03 | Oracle Corporation | Method and apparatus for defining and configuring modules of data objects and programs in a distributed computer system |
US8914410B2 (en) * | 1999-02-16 | 2014-12-16 | Sonicwall, Inc. | Query interface to policy server |
US7346921B2 (en) | 2001-04-30 | 2008-03-18 | Ge Capital Corporation | Definition of low-level security rules in terms of high-level security concepts |
US20070027810A1 (en) | 2005-08-01 | 2007-02-01 | Sbc Knowledge Ventures, L.P. | Portfolio and resource tracking system |
US8151323B2 (en) * | 2006-04-12 | 2012-04-03 | Citrix Systems, Inc. | Systems and methods for providing levels of access and action control via an SSL VPN appliance |
US9015301B2 (en) * | 2007-01-05 | 2015-04-21 | Digital Doors, Inc. | Information infrastructure management tools with extractor, secure storage, content analysis and classification and method therefor |
US8375427B2 (en) | 2010-04-21 | 2013-02-12 | International Business Machines Corporation | Holistic risk-based identity establishment for eligibility determinations in context of an application |
US9904797B2 (en) * | 2010-12-27 | 2018-02-27 | Nokia Technologies Oy | Method and apparatus for providing data based on granularity information |
US8943313B2 (en) * | 2011-07-19 | 2015-01-27 | Elwha Llc | Fine-grained security in federated data sets |
US10242383B2 (en) | 2011-08-24 | 2019-03-26 | Sanal Sasankan | Method and system for delivering advertisements in a store |
US9916538B2 (en) * | 2012-09-15 | 2018-03-13 | Z Advanced Computing, Inc. | Method and system for feature detection |
US10311522B1 (en) * | 2012-09-17 | 2019-06-04 | Zuora, Inc. | System and method for managing and editing accounting periods |
US9785786B2 (en) | 2012-09-24 | 2017-10-10 | Protegrity Corporation | Privacy preserving data search |
US9628468B2 (en) * | 2013-09-20 | 2017-04-18 | Oracle International Corporation | Web-based single sign-on with form-fill proxy application |
WO2015089171A1 (en) * | 2013-12-11 | 2015-06-18 | Intralinks, Inc. | Customizable secure data exchange environment |
JP6334915B2 (en) | 2013-12-26 | 2018-05-30 | 富士通クラウドテクノロジーズ株式会社 | Anonymization system |
CN103810441A (en) | 2014-01-28 | 2014-05-21 | 浙江大学 | Multi-granularity remote sensing data access method based on rules |
WO2016014021A1 (en) | 2014-07-21 | 2016-01-28 | Hewlett-Packard Development Company, L.P. | Security indicator linkage determination |
US20190172564A1 (en) | 2017-12-05 | 2019-06-06 | International Business Machines Corporation | Early cost prediction and risk identification |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11308170B2 (en) | 2007-03-30 | 2022-04-19 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US11769112B2 (en) | 2008-06-26 | 2023-09-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US11157872B2 (en) | 2008-06-26 | 2021-10-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US11107158B1 (en) | 2014-02-14 | 2021-08-31 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US11847693B1 (en) | 2014-02-14 | 2023-12-19 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US11227001B2 (en) | 2017-01-31 | 2022-01-18 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11681733B2 (en) | 2017-01-31 | 2023-06-20 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11734234B1 (en) | 2018-09-07 | 2023-08-22 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US10984492B2 (en) * | 2019-03-06 | 2021-04-20 | Advanced New Technologies Co., Ltd. | Managing housing scores using smart contracts in blockchain networks |
US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
US20210173899A1 (en) * | 2019-12-05 | 2021-06-10 | Sony Interactive Entertainment LLC | Secure access to shared digital content |
US11748456B2 (en) * | 2019-12-05 | 2023-09-05 | Sony Interactive Entertainment Inc. | Secure access to shared digital content |
US11217223B2 (en) | 2020-04-28 | 2022-01-04 | International Business Machines Corporation | Speaker identity and content de-identification |
US11580951B2 (en) | 2020-04-28 | 2023-02-14 | International Business Machines Corporation | Speaker identity and content de-identification |
US11449674B2 (en) * | 2020-04-28 | 2022-09-20 | International Business Machines Corporation | Utility-preserving text de-identification with privacy guarantees |
US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
Also Published As
Publication number | Publication date |
---|---|
US11489843B2 (en) | 2022-11-01 |
US20210234869A1 (en) | 2021-07-29 |
US20230054085A1 (en) | 2023-02-23 |
US11425144B2 (en) | 2022-08-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| AS | Assignment | Owner name: EQUIFAX INC., GEORGIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BONDUGULA, RAJKUMAR;YASKO, CHRISTOPHER;REEL/FRAME:051895/0109 Effective date: 20190624 |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| STPP | Information on status: patent application and granting procedure in general | Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
| STCF | Information on status: patent grant | Free format text: PATENTED CASE |